
Your AI Agent Has Root Access. Now What?
Two things happened this week that should make every developer building with AI agents pay attention. OpenAI launched Codex Security, dedicated security tooling for agentic code. And NIST's comment period on their AI Agent Security guidelines closes March 9, 2026. Two days from now.

The message is clear: the industry has realized AI agents aren't just fancy autocomplete anymore. They read your emails, execute shell commands, push code, and interact with production systems. The attack surface is enormous, and most teams are shipping agents with roughly the same security posture as a chmod 777.

The Gap Is Real

Here's what a typical AI agent setup looks like today:

- Full filesystem access
- Unscoped API keys in environment variables
- No audit trail beyond chat logs
- Prompt injection? "We'll handle that later"
- Secret scanning? "The model wouldn't leak secrets... right?"

If this sounds like your stack, you're not alone. Most agent frameworks prioritize capability over containment. That's fine
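The list above names the gaps but not what closing them looks like in the tool layer. The following is an added example, not code from the post or from any agent framework it mentions: a minimal tool dispatcher that gives an agent only an allowlisted set of tools (no raw shell), confines file access to one sandbox directory, scans tool output for secret-shaped tokens before it reaches the model, and records every call in an audit log. The tool names, the sandbox layout, the sample file contents and the regex patterns are all constructed for illustration.

```python
import re
import tempfile
import time
from pathlib import Path

# Patterns for secret-looking tokens in tool output (constructed for this
# example). The AWS access-key-ID shape is real; the second is a generic
# "api_key=..." assignment.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),
    re.compile(r"(?i)\bapi[_-]?key\s*[:=]\s*\S+"),
]


def redact(text: str) -> str:
    """Replace anything matching SECRET_PATTERNS before the model sees it."""
    for pat in SECRET_PATTERNS:
        text = pat.sub("[REDACTED]", text)
    return text


class ToolDenied(Exception):
    """Raised when a call falls outside the agent's allowed scope."""


class ScopedToolRunner:
    """Dispatches model tool calls with three controls the 'chmod 777' setup
    lacks: an explicit tool allowlist, filesystem access confined to one
    directory, and a per-call audit record."""

    def __init__(self, sandbox_root: Path, audit_log: list):
        self.root = sandbox_root.resolve()
        self.audit = audit_log
        # Allowlist of tool names. A generic "shell" tool is deliberately absent.
        self.tools = {"read_file": self._read_file, "list_dir": self._list_dir}

    def _inside_root(self, user_path: str) -> Path:
        # resolve() follows symlinks, so a link inside the root that points
        # outside it is rejected as well as a plain "../" traversal.
        candidate = (self.root / user_path).resolve()
        if not candidate.is_relative_to(self.root):
            raise ToolDenied(f"path escapes sandbox: {user_path}")
        return candidate

    def _read_file(self, path: str) -> str:
        return self._inside_root(path).read_text()

    def _list_dir(self, path: str = ".") -> str:
        return "\n".join(sorted(p.name for p in self._inside_root(path).iterdir()))

    def call(self, tool: str, **kwargs) -> str:
        # Every call is logged before it runs, including the ones that get denied.
        entry = {"ts": time.time(), "tool": tool, "args": kwargs, "outcome": None}
        self.audit.append(entry)
        try:
            fn = self.tools.get(tool)
            if fn is None:
                raise ToolDenied(f"tool not allowed: {tool}")
            result = redact(fn(**kwargs))  # scan output before returning it to the model
            entry["outcome"] = "ok"
            return result
        except ToolDenied as exc:
            entry["outcome"] = f"denied: {exc}"
            raise


def run_demo() -> dict:
    """Builds a throwaway sandbox with constructed sample files and exercises
    the runner. Returns the observations as a dict."""
    tmp = Path(tempfile.mkdtemp())
    root = tmp / "workspace"
    root.mkdir()
    # Constructed sample data: a file inside the sandbox holding fake credentials,
    # and one outside it that the agent must never be able to read.
    (root / "notes.txt").write_text(
        "deploy config: api_key=sk_live_constructed AKIAEXAMPLEKEY000000\n")
    (tmp / "outside.txt").write_text("should never be readable\n")

    audit: list = []
    runner = ScopedToolRunner(root, audit)
    out = {"read": runner.call("read_file", path="notes.txt")}
    for tool, kwargs in [("read_file", {"path": "../outside.txt"}),
                         ("shell", {"cmd": "cat /etc/passwd"})]:
        try:
            runner.call(tool, **kwargs)
            out[tool + "_denied"] = False
        except ToolDenied:
            out[tool + "_denied"] = True
    out["audit"] = audit
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Output redaction is a last line of defense, not a substitute for keeping secrets out of the agent's reach: the runner reads nothing from environment variables, and any credential a tool genuinely needs should be passed to that tool explicitly with the narrowest scope the provider allows.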
Continue reading on Dev.to DevOps