We let an AI agent execute Bash and lived to talk about it
Official Schedule Context
- Date/time: 2026-07-01 · 2:25pm-2:45pm
- Track/room: Harness Engineering · Main Stage
- Speaker(s): Sarah Sanders
- Session type/status: session · confirmed
Official Description
PostHog's Wizard agent can read your codebase, install packages, and run shell commands on your
laptop. Yes, on purpose. This talk covers how we went from "defense-in-hope" to a standalone, robust
security service. It'll highlight results from a pentest that made us question our life choices, an
internal audit that challenged our architecture, and the debate over how to secure the entire
pipeline. You'll learn why "scan-then-trust" is a weaker model than you think, what it takes to
build kill switches you hope you never use, and what happens when you pentest an AI agent that has
access to Bash.
Related YouTube Video
No related AI Engineer channel video found yet.
Transcript Status
No official session recording transcript was found by exact title match on the AI Engineer YouTube channel during this run.
People
Notes
- Pending transcript synthesis when an official recording or confirmed matching video is available.