I remember someone on HN once saying they treat LLM agents like human coworkers, security-wise, and that stuck with me.

You don't give your GH keys, email credentials and ssh keys to a coworker. They have their own accounts with scoped permissions. Need them to read an email? Forward it. Need them to work on a repo? Add them as a contributor and enforce the same branch policies you would for any human.

There are still risks, but they're similar to delegating work to humans, so it's up to you how much access and trust to give.