This post is inspired by a post I saw on BlueSky:
This limitation is painful, but a few strategies give you a best-effort workaround. Like any other SaaS product that has to provide security guarantees, this fiasco operates under a shared-responsibility model: the agent provider handles part of the problem for you, but you are ultimately responsible for the safety of the environment the agent has access to.
Before I dive deeper, it is worth clarifying what an “agent” is for readers who may not know. An agent is an LLM combined with a “harness.” The harness is the interface the LLM acts through: it can include “tools,” skills, MCP servers, web access, and a file system interface. The harness upgrades an LLM from a naive “token-predictor” to an actor in an environment (up to 6x better results). Products like Codex or Claude Code should not be mistaken for LLMs; they are agents! You can still call the LLMs directly through Anthropic’s or OpenAI’s API offerings, but the subscription offerings are agent products. Therefore, you are oddly burdened by the agent’s abundance of abilities: every capability the harness exposes is a capability you have to contain.
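To make the “harness” and the shared-responsibility point concrete, here is a minimal harness written for this post (it is an added example, not code from the post or from any agent product): the model gets exactly one allowlisted tool, and the file system interface refuses any path that resolves outside a single workspace directory, whether via `..`, an absolute path, or a symlink. The tool name `read_file` and the `{"tool": ..., "args": {...}}` call format are assumptions for illustration.

```python
import tempfile
from pathlib import Path
# Added example, not from the post. Tool name and call format are assumptions;
# the point is that the environment side of the harness is yours to lock down.
class ToolDenied(Exception):
    """Raised when the harness refuses a tool call."""
def confine(path: str, root: Path) -> Path:
    """Resolve `path` (following '..' and symlinks) and require it to stay under `root`."""
    root = root.resolve()
    candidate = (root / path).resolve()  # an absolute `path` replaces root and then fails the check
    if candidate != root and root not in candidate.parents:
        raise ToolDenied(f"path escapes workspace: {path}")
    return candidate

def make_harness(root: Path):
    """Return a dispatcher that exposes only an allowlisted set of tools to the model."""
    def read_file(path: str) -> str:
        return confine(path, root).read_text()
    tools = {"read_file": read_file}  # no shell, no network: least privilege by default
    def dispatch(call: dict):
        name = call.get("tool")
        if name not in tools:  # unknown tools are refused, never looked up dynamically
            raise ToolDenied(f"tool not allowed: {name}")
        return tools[name](**call.get("args", {}))
    return dispatch

def demo() -> dict:
    """Run the harness in a throwaway workspace; returns the outcome of each call."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "workspace"
        ws.mkdir()
        (ws / "notes.txt").write_text("inside")
        (Path(tmp) / "secret.txt").write_text("outside")
        (ws / "link").symlink_to(Path(tmp) / "secret.txt")  # symlink that points out of the workspace
        dispatch = make_harness(ws)
        calls = {  # constructed sample tool calls
            "inside": {"tool": "read_file", "args": {"path": "notes.txt"}},
            "dotdot": {"tool": "read_file", "args": {"path": "../secret.txt"}},
            "absolute": {"tool": "read_file", "args": {"path": str(Path(tmp) / "secret.txt")}},
            "symlink": {"tool": "read_file", "args": {"path": "link"}},
            "shell": {"tool": "run_shell", "args": {"cmd": "id"}},
        }
        for label, call in calls.items():
            try:
                results[label] = dispatch(call)
            except ToolDenied:
                results[label] = "denied"
    return results
```

Only the in-workspace read succeeds; the three escape attempts and the non-allowlisted tool are refused by the harness before anything reaches the OS.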
Let’s dive into some solutions.