We Gave an Agent Production Code Access and Then Tried to Sleep at Night
Official Schedule Context
- Date/time: 2026-06-29 · 11:40am-12:00pm
- Track/room: Security · Track 5
- Speaker(s): Moritz Johner
- Session type/status: sponsor · confirmed
Official Description
We let an agent touch production code to fix CVEs. That is either automation or a supply chain
incident, depending on how honest your architecture is. PatchPilot started simple: find vulnerable
dependencies, patch them, open a PR, let CI prove the fix, move on. Then reality showed up. The
agent needed repository access, CI logs, credentials, and a Docker socket. Without that, it was
useless. With it, every security reviewer in the room had a point. This is the production case
study: what we gave the agent, what we refused, what infosec pushed back on, and where they were
right. We will cover scoped permissions, constrained PRs, audit trails, approval gates, CI evidence,
credential boundaries, and the gap between "it generated a patch" and "we can defend this change."
Agentic remediation is not just developer productivity. It is a new participant in your software
supply chain.
Related YouTube Video
No related AI Engineer channel video found yet.
Transcript Status
No official session recording transcript was found by exact title match on the AI Engineer YouTube channel during this run.
People
Notes
- Pending transcript synthesis when an official recording or confirmed matching video is available.