New AI-TC is now open source Read more

The agent harness, secured.

Four layers run your AI agents: orchestration, tool calls, identity, and data access. AKA secures all four.

agent harness 4 layers
Orchestration
The harness that runs your agent.
Tool calls
Every action the agent takes.
Agent identity
Who the agent is and what it may do.
Data access
Every file and API the agent touches.
01

Four layers. One attack surface.

Orchestration

The harness that runs your agent.

  • Claude Code
  • Codex
  • Cursor
  • In-house runners

Tool calls

Every action the agent takes.

  • shell
  • read / write
  • network
  • MCP tools

Agent identity

Who the agent is and what it may do.

  • service accounts
  • scoped tokens
  • least privilege
  • rotation

Data access

Every file and API the agent touches.

  • source files
  • .env / secrets
  • external APIs
  • production data
02

Where an unguarded harness fails.

Prompt injection is the top entry on the OWASP 2025 LLM risk list. A harness ships with shells, network, file writes, and reads. Without a guardrail, an injected instruction reaches all of it.

A destructive shell command

The agent reads a stale issue. Runs `rm -rf` in the wrong directory. Nothing intercepts it.

shell rm -rf /var/log
An exfiltrated secret

The agent loads `.env.production`, references the value in a prompt, and the secret leaves the machine.

read .env.production
A silent network call

A dependency phones home. The agent forwards repo content to a third-party API you never approved.

network api.stripe.com
03

A guardrail changes the picture.

Unmonitored agent: claude-code
  • read src/auth/session.ts executed
  • shell rm -rf /var/log executed
  • network api.stripe.com executed
  • write /etc/hosts executed
No guardrail. 4 executed.
AKA
ai-tc agent: claude-code
  • read src/auth/session.ts allowed
  • shell rm -rf /var/log blocked
  • network api.stripe.com blocked
  • write /etc/hosts blocked
AI-TC on. 3 blocked.

Secure the harness running your agents.

or