vercel.com | ksl
Vercel engineers Malte Ubl and Harpreet Arora published a detailed breakdown of how agentic coding systems like Claude Code and Cursor fail at security boundaries by default. The core problem is simple – agents, generated code, and infrastructure typically share one security context, which means a prompt injection buried in a log file can exfiltrate SSH keys or AWS credentials. The post walks through five architectures ranging from zero isolation to full sandboxing with secret injection proxies, landing on separated compute with credential brokering as the production recommendation. As more teams ship autonomous coding agents, this kind of infrastructure-level security thinking has been conspicuously absent from most vendor documentation. Vercel is positioning its own Sandbox and Fluid Compute products as the answer, but the threat model holds regardless of platform.
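As an added illustration of the credential-brokering pattern the summary describes (example code written for this digest, not code from the Vercel post), here is a minimal broker: the sandboxed agent only ever handles placeholder tokens, and a proxy outside the sandbox swaps them for real secrets only when the destination host is allowlisted for that credential. The vault contents, host allowlist and placeholder syntax are assumptions constructed for the example.

```python
"""Minimal secret-injection broker for a sandboxed coding agent (added example).

Design assumed here: the agent never sees real credentials, only opaque
placeholders such as "$GITHUB_TOKEN". Every outbound request leaves the
sandbox through broker_request(), which runs in a separate security context
and resolves placeholders only for allowlisted destinations. A prompt
injection that hijacks the agent can therefore ask for a credential to be
used, but cannot read it or redirect it to an arbitrary host."""
from urllib.parse import urlparse

# Constructed sample vault: placeholder -> (real secret, allowed hosts).
# A real broker would read from a secret manager, not a module-level dict.
VAULT = {
    "$AWS_CREDENTIAL": ("AKIAEXAMPLEREALKEY", {"sts.amazonaws.com", "s3.amazonaws.com"}),
    "$GITHUB_TOKEN": ("ghp_examplerealtoken", {"api.github.com"}),
}


class BrokerDenied(Exception):
    """Raised when a credential would be sent to a host it is not allowed for."""


def broker_request(method, url, headers):
    """Return a copy of headers with placeholders resolved, or raise BrokerDenied.

    The check is per credential: each placeholder carries its own host
    allowlist, so a token meant for api.github.com is never injected into a
    request bound for any other host, whatever the agent was tricked into
    asking for."""
    host = urlparse(url).hostname or ""
    resolved = {}
    for name, value in headers.items():
        for placeholder, (secret, allowed_hosts) in VAULT.items():
            if placeholder not in value:
                continue
            if host not in allowed_hosts:
                raise BrokerDenied(f"{placeholder} may not be sent to {host!r} ({method} {url})")
            value = value.replace(placeholder, secret)
        resolved[name] = value
    return resolved


def redact(text):
    """Scrub real secret values from any output flowing back into the agent's context."""
    for secret, _ in VAULT.values():
        text = text.replace(secret, "[REDACTED]")
    return text
```

Responses, logs and tool output returned to the agent should pass through `redact()` so a secret that a remote service echoes back never lands in the context window the injection controls.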
