You have an agent running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run an agent" because, while yes, I see your point, that doesn't mean it's not happening, and security professionals have to deal with what's happening, not what we want to be happening.)

Leash by StrongDM — Security for AI Agents

Security, visibility, and authorization for AI agents. Sandboxed execution, MCP authorization, and policy enforcement from development to production.

@ash Well no, given it seems to be focused on MCP as a boundary, and sadly that's not how anything works as of last month.

@mjg59 That might be how the page describes it, but the native Darwin mode is not in any way to do with an MCP.

It uses a kernel feature to filter and deny file r, w, exec, and net access.

When I’m at my desk I’ll get a screenshot.

@ash That still doesn't really help me, I need something that's aware of who's using what token