Agents are remote code execution engines by design. Your first lockdown target is the execution environment's network egress.
Most agent frameworks run with outbound internet access by default. That gives an attacker who compromises the agent a trivial command-and-control channel.
Priority actions:
* Restrict outbound connections to explicit allowlists only.
* Block access to raw socket creation and external code fetching.
* Isolate the agent's runtime from internal management interfaces.
Example baseline network policy (conceptual):
```yaml
allowed_outbound:
- vendor_update_servers:443
- internal_logging:514
denied:
- 0.0.0.0/0:*
- internal_subnets:*
```
Without this, all other hardening is irrelevant. An attacker with code execution will just call home.
- Vic
Assume breach. Then prove you can respond.
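The conceptual policy above, turned into a default-deny egress check plus an allowlist audit. This is an added example, not the author's code or any framework's API; the symbolic names in NAME_TABLE resolve to constructed addresses, and the precedence (explicit allow, then deny, then default deny) and the /24 coarseness threshold are assumptions the page leaves open.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed policy mirroring the page's conceptual baseline.
POLICY = {
    "allowed_outbound": ["vendor_update_servers:443", "internal_logging:514"],
    "denied": ["0.0.0.0/0:*", "internal_subnets:*"],
}

# Assumption: symbolic names resolve to these constructed addresses/ranges.
NAME_TABLE: Dict[str, List[str]] = {
    "vendor_update_servers": ["203.0.113.10/32", "203.0.113.11/32"],
    "internal_logging": ["10.0.5.20/32"],
    "internal_subnets": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
}


def _parse_rule(rule: str) -> Tuple[list, str]:
    """Split 'target:port' into resolved networks and a port spec ('*' or digits)."""
    target, _, port = rule.rpartition(":")
    if not port:
        raise ValueError(f"rule has no port: {rule!r}")
    cidrs = NAME_TABLE.get(target, [target])  # literal CIDR if not a symbolic name
    return [ipaddress.ip_network(c, strict=False) for c in cidrs], port


def _matches(ip, port: int, rule: str) -> bool:
    nets, port_spec = _parse_rule(rule)
    port_ok = port_spec == "*" or int(port_spec) == port
    return port_ok and any(ip in n for n in nets)


def egress_decision(dst_ip: str, dst_port: int, policy=POLICY) -> str:
    """Return 'allow' or 'deny' for an outbound connection from the agent runtime.

    Precedence is an assumption: explicit allow wins, then deny, then default deny,
    so internal_logging:514 is reachable while the rest of internal_subnets is not.
    """
    ip = ipaddress.ip_address(dst_ip)
    if any(_matches(ip, dst_port, r) for r in policy["allowed_outbound"]):
        return "allow"
    if any(_matches(ip, dst_port, r) for r in policy["denied"]):
        return "deny"
    return "deny"  # default deny: anything not explicitly allowed is blocked


def audit_allowlist(policy=POLICY) -> List[str]:
    """Flag allow entries too broad to count as an explicit allowlist."""
    findings = []
    for rule in policy["allowed_outbound"]:
        nets, port_spec = _parse_rule(rule)
        if port_spec == "*":
            findings.append(f"{rule}: wildcard port")
        for n in nets:
            if n.prefixlen < 24:  # assumption: broader than a /24 is too coarse
                findings.append(f"{rule}: broad range {n}")
    return findings
```

The explicit `0.0.0.0/0:*` deny is redundant once the evaluator defaults to deny, which is the point: the allowlist, not the denylist, is what carries the security.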