by red_admiral 5 days ago
It feels to me like AI agents should be their own security principals and use access tokens generated specifically for them on the repos or orgs that they need access to. Handing an AI agent an access token "minted" for a human's account feels to me like the new "write the password on a post-it".
3 comments

Not just AI agents... basically, if you cd Projects/foo, that should be its own user (for running npm, etc.) that should not have access to parent user data (probably including GitHub tokens, etc.).
> basically, if you cd Projects/foo, that should be its own user

Agreed. I went further and turned that into its own isolated virtual machine. The credentials problem is really annoying though. AI agents need the access in order to be useful.

Why not both?
This is what I'm advocating for.

Give each dev's AI agent its own identity with its own access controls and tokens and everything.

It helps solve both the access control and attribution issues

As long as there’s a way to deterministically tie a model call to a human user. I think a loss of culpability is something some companies are afraid of to some extent.
Loss of liability is what companies are built for; see the meaning of LLC as an example.

Of course, if it is only their employees that are impacted instead of their bottom line, they might be more tolerant?
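As an added illustration (not code from the thread, and not any real product's API), here is a toy identity service in Python that models the proposal made above: the agent is its own principal, can only be entitled to a subset of what its delegating human holds, gets a token scoped to specific repos with an expiry, and every authorization decision is logged with the agent and the human it acts on behalf of, so a call is always attributable. The principal names, repo names and the `repo:<org>/<name>:<action>` scope format are invented for the example.

```python
"""Toy model of AI agents as separate security principals.

Added illustration, not code from the HN thread or any real product.
Names, repos and the scope format are made up.  Tokens are stored only
as SHA-256 fingerprints so a leaked store does not leak the secrets.
"""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    id: str
    kind: str                         # "human" or "agent"
    entitlements: frozenset[str]      # scopes this principal may ever hold
    delegated_by: str | None = None   # agents only: the accountable human


@dataclass(frozen=True)
class Token:
    principal: str
    scopes: frozenset[str]
    expires_at: int


def _fingerprint(secret: str) -> str:
    return hashlib.sha256(secret.encode()).hexdigest()


class IdentityService:
    """Registers principals, mints scoped tokens, authorizes and audits."""

    def __init__(self) -> None:
        self.principals: dict[str, Principal] = {}
        self.tokens: dict[str, Token] = {}    # keyed by fingerprint, never the secret
        self.audit: list[dict] = []

    def register(self, p: Principal) -> None:
        if p.kind == "agent":
            owner = self.principals.get(p.delegated_by or "")
            if owner is None or owner.kind != "human":
                raise ValueError(f"agent {p.id} must be delegated by a registered human")
            # An agent can never be entitled to more than the human who owns it.
            if not p.entitlements <= owner.entitlements:
                raise ValueError(f"agent {p.id} exceeds {owner.id}'s entitlements")
        self.principals[p.id] = p

    def mint(self, principal_id: str, scopes: set[str], expires_at: int) -> str:
        """Issue a token for a principal; scopes must be within its entitlements."""
        p = self.principals[principal_id]
        if not scopes <= p.entitlements:
            raise PermissionError(f"{principal_id} not entitled to {scopes - p.entitlements}")
        secret = secrets.token_urlsafe(32)
        self.tokens[_fingerprint(secret)] = Token(principal_id, frozenset(scopes), expires_at)
        return secret

    def authorize(self, secret: str, resource: str, action: str, now: int) -> bool:
        """Decide one request and record who (and on whose behalf) asked."""
        tok = self.tokens.get(_fingerprint(secret))
        allowed = (
            tok is not None
            and now < tok.expires_at
            and (f"{resource}:{action}" in tok.scopes
                 or (action == "read" and f"{resource}:write" in tok.scopes))
        )
        p = self.principals.get(tok.principal) if tok else None
        self.audit.append({
            "ts": now,
            "principal": p.id if p else None,
            "kind": p.kind if p else None,
            "on_behalf_of": p.delegated_by if p else None,   # the attribution chain
            "resource": resource,
            "action": action,
            "allowed": allowed,
        })
        return allowed


def demo() -> tuple[list[bool], list[dict]]:
    """Constructed scenario: developer alice, her coding agent, two repos."""
    svc = IdentityService()
    svc.register(Principal("alice", "human",
                           frozenset({"repo:acme/api:write", "repo:acme/payroll:write"})))
    # The agent is entitled only to what its task needs; payroll is not on the list.
    svc.register(Principal("alice-agent", "agent",
                           frozenset({"repo:acme/api:write"}), delegated_by="alice"))
    agent_tok = svc.mint("alice-agent", {"repo:acme/api:write"}, expires_at=1_000)

    decisions = [
        svc.authorize(agent_tok, "repo:acme/api", "read", now=100),       # in scope (write implies read)
        svc.authorize(agent_tok, "repo:acme/api", "write", now=100),      # in scope
        svc.authorize(agent_tok, "repo:acme/payroll", "read", now=100),   # denied: out of scope
        svc.authorize(agent_tok, "repo:acme/api", "write", now=2_000),    # denied: expired
        svc.authorize("not-a-token", "repo:acme/api", "read", now=100),   # denied: unknown token
    ]
    return decisions, svc.audit


def over_entitled_agent_rejected() -> bool:
    """An agent asking for more than its human holds cannot even be registered."""
    svc = IdentityService()
    svc.register(Principal("bob", "human", frozenset({"repo:acme/api:read"})))
    try:
        svc.register(Principal("bob-agent", "agent",
                               frozenset({"repo:acme/api:write"}), delegated_by="bob"))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    decisions, audit = demo()
    print(decisions)
    for rec in audit:
        print(rec)
```

The point of the audit record is the `on_behalf_of` field: the agent's actions are never written under the human's identity, yet each one still resolves to the human accountable for that agent, which is what the thread is asking for when it wants both separate credentials and a deterministic tie back to a person.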