𝗬𝗼𝘂𝗿 𝗥𝗲𝗽𝗼 𝗖𝗼𝗻𝘁𝗲𝘅𝘁 𝗜𝘀 𝗔𝗻 𝗔𝘁𝘁𝗮𝗰𝗸 𝗦𝘂𝗿𝗳𝗮𝗰𝗲 𝗡𝗼𝘄

Most people think AI security means stopping a model from writing bad code.

That view is too small.

The real risk is everything the AI reads before it writes code. Your repository is no longer just a place for code. For an AI agent, it is an input stream.

An agent reads your README, old migration notes, stale documentation, and local instruction files. It sees dependency scripts, shell hooks, and previous code changes.

Developers often treat this context as neutral. They see old notes as clutter. An AI agent sees them as instructions.

If an agent uses your project context to decide what is normal, bad context can cause problems.

Bad context can be boring:

Bad context can be hostile:

The failure mode is the same. The agent follows a premise you did not intend.

To fix this, you must stop treating agents like simple autocomplete tools. They are automation. Treat them like infrastructure.

Follow these steps to secure your workflow:

  1. Limit the scope Do not give an agent access to your whole system if it only needs three files. Use narrow tasks and disposable worktrees.

  2. Audit your instructions Read the files your agent uses for guidance. If documentation is old, delete it or fix it. If it contains commands, treat them as system code.

  3. Harden execution Run risky tasks in a sandbox. Keep your credentials scoped. Review hook configurations like you review CI pipelines. Ensure running tests does not grant access to every secret in your shell.

  4. Demand visibility You must be able to answer these questions:

Think of an AI agent as a junior developer with shell access and fast typing skills. You would not give a new junior developer full production credentials on day one. You would give them small tasks, a clean environment, and a strict review process.

Treat your AI agents the same way.

컨텍스트를 정제하세요. 범위를 좁히세요. 실행을 샌드박스화하세요. 모든 diff를 사람이 직접 작성한 것처럼 검토하세요.

출처: https://dev.to/hefty_69a4c2d631c9dd70724/your-repo-context-is-an-attack-surface-now-5dhj