Hide Secrets from AI Agents and NPM install using Airgap
netgusto
16 points
1 comment
June 19, 2026
Discussion Highlights (1 comment)
blcknight
How can an agent use these tokens then? If it sources the file, can't it just read the env? It also sounds like it is missing the important step of keeping the LLM credentials from the agents themselves. For example, my GCP creds have access to far more than Vertex. This is solved by OneCLI and OpenShell via MITM proxies, which seems more elegant to me. The tools live in containers and can't see anything but can use everything. It also allows finer-grained access controls, rate limiting, and there's talk of scanning for destructive actions.