permission prompts are not an agent security strategy
Docker published a practical guide last week on securing AI agents, and one sentence in it should be printed on a sticker for every engineering team adopting coding agents: "Permission prompts are not a security strategy." That is not the whole guide, obviously. Docker also covers isolation, tool access, identity, credentials, runtime monitoring, MCP provenance, and multi-agent trust boundaries. Good. Those are the grown-up topics. But the permission prompt line is the one that stuck with me, b...