Hi everyone. I’ve been experimenting with CrewAI and AutoGen on my home server, running everything in Docker containers on the same machine. I’m trying to understand the security basics as I build things out.
My setup is all local—agents talking to each other on localhost. I’ve been reading about inter-agent messaging and the need for encryption, but it feels a bit abstract for my case. If everything is contained on one physical machine, with no traffic leaving it, do the messages between agents (like between a planner and a tool-using agent) actually need to be encrypted? Isn't localhost traffic already sort of "contained"?
I guess I'm worried about overcomplicating things, but also don't want to build something with a big security hole. In AutoGen's GroupChat or CrewAI's crew processes, the messages often contain instructions or data. If another process on the system were compromised, could it eavesdrop on that localhost traffic easily? Or is the main risk really about external network exposure?
Sorry if this is too basic! I'm coming from a simple self-hosting background, and agent security is new to me. Any guidance on what’s actually necessary for a local-only setup would be really helpful.