red_admiral 2 hours ago

It feels to me like AI agents should be their own security principals and use access tokens generated specifically for them on the repos or orgs that they need access to. Handing an AI agent an access token "minted" for a human's account feels to me like the new "write the password on a post-it".

silon42 an hour ago | parent | next [-]

Not just AI agents... basically, if you cd Projects/foo, that should be its own user (for running npm, etc) that should not have access to parent user data (probably including github tokens, etc).
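The per-project user silon42 describes, as an added example that is not part of the thread: a dedicated Unix account per project directory, the checkout handed over to it, the developer's home made unreadable to it, and tooling (npm, an AI coding agent) launched as that account with an allowlisted environment so tokens from the developer's shell never reach it. It assumes Linux with sudo and useradd; the proj-<dir> naming, /home layout and allowlist are illustrative choices, not anything from the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): run a project's tooling as a dedicated
# per-project Unix account so code executing in Projects/foo cannot read the
# developer's own home (~/.ssh, ~/.config/gh, ~/.npmrc) or inherit tokens from
# the developer's shell environment.
# Assumptions: Linux, sudo + useradd available, project users named
# proj-<dir> with homes under /home. All names are illustrative.
set -eu

# Derive the dedicated account name from the project directory:
# Projects/Foo_Bar -> proj-foo-bar
project_user() {
  name=$(basename "$1" | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9\n' '-')
  printf 'proj-%s\n' "$name"
}

# Allowlist filter for the environment handed to the project user.
# Reads KEY=VALUE lines on stdin and writes only the harmless ones; anything
# else (GITHUB_TOKEN, AWS_SECRET_ACCESS_KEY, NPM_TOKEN, SSH_AUTH_SOCK, ...)
# is dropped. A denylist by name would miss the next tool's token variable.
filter_env() {
  while IFS= read -r line; do
    case ${line%%=*} in
      PATH|TERM|COLORTERM|LANG|LC_*|TZ) printf '%s\n' "$line" ;;
    esac
  done
}

# One-time setup (needs sudo): create the account, hand the checkout over to
# it, and lock down the developer's home so the project user cannot read it.
setup_project_user() {
  dir=$(cd "$1" && pwd)
  user=$(project_user "$dir")
  id "$user" >/dev/null 2>&1 || sudo useradd --create-home --shell /bin/bash "$user"
  sudo chown -R "$user:$user" "$dir"
  sudo chmod -R g+rwX,o-rwx "$dir"               # project user and its group only
  sudo find "$dir" -type d -exec chmod g+s {} +   # new files keep the project group
  sudo usermod -aG "$user" "$(id -un)"            # you keep access via the group
  chmod 700 "$HOME"                               # nothing of yours is readable to it
}

# Run a command inside the project directory as its user with a clean
# environment: env -i drops everything, then only the allowlisted variables
# and a HOME pointing at the project user's own home are added back.
# Any token the agent needs lives in /home/proj-<dir>, minted for that
# identity, not copied from the developer.
run_in_project() {
  dir=$(cd "$1" && pwd); shift
  user=$(project_user "$dir")
  # Shell-quote each kept KEY=VALUE so values with spaces survive the eval.
  quoted=$(env | filter_env | while IFS= read -r line; do printf '%q ' "$line"; done)
  eval "set -- $quoted HOME=/home/$user bash -c 'cd \"\$1\" && shift && exec \"\$@\"' _ \"\$dir\" \"\$@\""
  sudo -u "$user" -- env -i "$@"
}

# Usage (illustrative):
#   setup_project_user ~/Projects/foo
#   run_in_project ~/Projects/foo npm install
#   run_in_project ~/Projects/foo env | sort   # only the allowlisted variables appear
```

The allowlist is the part worth keeping even if you change the rest: `env -i` plus a short list of variables you positively want is much harder to get wrong than trying to enumerate every token variable to remove. Values containing newlines are not handled by the line-based filter; in practice none of the allowlisted variables carry them.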

IX-103 an hour ago | parent [-]

Why not both?

Klathmon an hour ago | parent | prev | next [-]

This is what I'm advocating for.

Give each dev's AI agent its own identity with its own access controls and tokens and everything.

It helps solve both the access control and attribution issues

notnaut 2 hours ago | parent | prev [-]

As long as there’s a way to deterministically tie a model call to a human user. I think a loss of culpability is something some companies are afraid of to some extent.

etiennebausson 2 hours ago | parent [-]

Loss of liability is what companies are built for, see the meaning of LLC as an example.

Of course, if it is only their employees that are impacted instead of their bottom line, they might be more tolerant?