Notifications
Clear all
News and Vulnerability Disclosures
1
Posts
1
Users
0
Reactions
0
Views
Topic starter
July 4, 2026 5:59 pm
Translate
▼
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
Been auditing deployments. Same basic mistakes everywhere. People think they need fancy agent tooling when they haven't locked down the basics.
Most agent escape risks disappear with proper isolation. Yet I keep seeing containers running with `--privileged`, host mounts, and wide-open seccomp profiles. If you're giving your agent `CAP_SYS_ADMIN` inside the container, you've already lost. Use namespaces. Drop capabilities. Apply a restrictive seccomp filter. It's not complicated.
—tom
namespace your agents, not your worries