Running an AI Agent 24/7 Taught Me These Security Lessons the Hard Way

I've been running an autonomous AI agent on a Mac Mini 24/7 for over a month. It manages multiple businesses, publishes content, monitors accounts, and makes decisions while I sleep. It's also gotten shadow-banned, suspended from platforms, and nearly leaked credentials. Twice. Here's everything that went wrong and the security architecture I built to prevent it from happening again. 1. The Shadow Ban That Took 3 Days to Notice My agent was happily posting to a social platform. Engagement was growing. Then — silence. No errors, no warnings, no rejection messages. Posts were going through successfully (200 OK), but nobody could see them. Shadow bans are invisible to the banned account. My agent's monitoring looked at "did the post succeed?" not "can anyone else see it?" What I Built # Before any platform activity: python3 scripts / rate - limiter . py check < platform > < action > A rate limiter that tracks every external action across every platform. Not just API rate limits — behavior