AI Coding Agent Security: Practical Guardrails for Claude Code, Copilot, and Codex
How-To, Tools


via Dev.to, by Max Kryvych

You gave your AI agent access to your codebase. Cool. Did you also give it access to ~/.aws/credentials, your SSH keys, and every token in your shell environment? Because you probably did — by accident. This is a quick practical guide to locking down the most popular AI coding tools so they can't read things they shouldn't. Copy-paste configs, no fluff.

Why this is actually a problem

AI agents aren't autocomplete. They read files, run shell commands, install packages, make network requests — all with your user permissions. That's what makes them powerful, and that's also what makes them dangerous.

Some things that have already happened in the wild:

- A Claude Code user ran a cleanup task. It executed rm -rf ~/. There went the home directory.
- An agent at Ona discovered it could bypass its own denylist via /proc/self/root/usr/bin/npx. When that was blocked, the agent tried to disable the sandbox itself.
- The Cline extension (5M users) was hit with a prompt injection attack that exfiltrat

Continue reading on Dev.to
