How much do you actually let an AI agent touch in production?
Summary
Discussion about scoping permissions for AI agents in production to avoid dangerous database actions, suggesting read-only mirrors, approval steps, or hard walls between suggestion and execution.
Similar Articles
How do you stop coding agents from touching production data?
Discusses strategies to prevent AI coding agents from accidentally modifying production databases, advocating for read-only access, sandboxed environments, and approval gates over relying solely on prompts.
What's your biggest fear about letting an agent take real actions in production?
A developer shares concerns about deploying AI agents that perform real actions in production, such as API calls and data manipulation, and asks the community about their fears and mitigation strategies like guardrails and human approval.
How are you handling authority/permissions for AI agents that can take real actions?
A discussion thread seeking input on how to handle authority and permissions for AI agents that take real actions, including audit trails and scope of permissions.
What's the worst thing your AI agent did in production without asking first?
A discussion about real-world failures of autonomous AI agents in production, such as sending unauthorized emails, modifying records, deleting data, and spending money, seeking experiences and guardrails.
For tool-using agents, where do you draw the security boundary?
A discussion on the security risks of AI agents using tools, focusing on prompt injection as a practical threat where untrusted text can alter agent behavior, and the need for repeatable testing before granting permissions.