I wonder how AI agents would even be doable if security were properly taken care of. You don't want them to fuck up your system, so you put them in a sandbox. You don't want them to install malicious packages in your project, so you... don't allow them to install any? Ask the user? At that point, what's the point of agents if the user needs to intervene all the time? It wouldn't even lead to solid security because most people just respond to such prompts with "continue and leave me alone" without spending a single second to check what it's about to do.