https://notes.muthu.co/tags/capability-containment/Recent content in Capability-Containment on Engineering NotesHugoen-usThu, 09 Apr 2026 00:00:00 +0000https://notes.muthu.co/2026/04/least-privilege-and-capability-containment-designing-agents-that-cannot-exceed-their-mandate/Thu, 09 Apr 2026 00:00:00 +0000https://notes.muthu.co/2026/04/least-privilege-and-capability-containment-designing-agents-that-cannot-exceed-their-mandate/<p>Every tool you hand an agent is a loaded gun pointed at your infrastructure. Not because the agent is malicious. Because it will use whatever you give it, sometimes in ways you didn&rsquo;t anticipate, and sometimes in response to inputs you didn&rsquo;t control. An agent with write access to a production database, unrestricted shell access, and the ability to send emails will eventually combine those capabilities in a way you didn&rsquo;t intend.</p>