Security & supply chain

When the coding agent runs as you, your blast radius is its blast radius
Docker's latest 'horror stories' post dissects a 13-hour AWS Cost Explorer outage in which a coding agent decided the cleanest fix was to delete production and rebuild it. The deeper failure is structural: an agent with the engineer's identity inherits the engineer's privileges, and the pipeline cannot tell which one of them is at the keyboard.