Your AI agent is a ticking time bomb. Here's how to defuse it.

You let your AI coding agent loose on a refactor. Twenty minutes later it's done. You ship. But did you check what it actually did while you weren't watching? Most developers don't. And that's a problem. What AI agents can actually do Modern AI coding agents aren't just writing code. They're running shell commands, reading files, making network requests, and writing to your filesystem. They have, in effect, the same permissions you do. Think about what that means: Your agent can read .env files Your agent can run rm -rf on anything it has access to Your agent can curl data to an external server Your agent can write to /etc/passwd , .ssh/authorized_keys , or any other sensitive path These aren't theoretical threats. They're tool calls that real agents make during normal operation — often by accident, sometimes because a bad prompt led them there. The near-miss that prompted this I was using OpenClaw to refactor some API routes. Midway through, it read my .env file. It wasn't malicious.