# Security Is the Default, Not the Flag
*April 2026*
Last Tuesday, the axios supply chain attack hit. An agent running with `--dangerously-skip-permissions` on someone's host machine executed `curl | sh` from a compromised dependency.
This is not theoretical. This is happening now.
The industry norm for AI coding agents is: give it full disk access, full network access, full shell access, and hope for the best. The "security" option is a flag you have to remember to set.
We think that's backwards.
## Our approach
**letai** runs every agent in an isolated VM. Network is hardened by default — only ports 443, 22, and 53 are open. You can add domain allowlists. Each task gets its own git branch. The agent can't touch main.
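The default-deny egress decision described above, as an added example that is not letai's own code: it checks a destination against the three ports named here and an optional domain allowlist. The `EgressPolicy` class, the allowlisted domains and the sample hosts are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

ALLOWED_PORTS = frozenset({443, 22, 53})  # the three ports named in the post

def _normalize(host: str) -> str:
    # DNS names are case-insensitive and may carry a trailing root dot.
    return host.strip().rstrip(".").lower()

@dataclass(frozen=True)
class EgressPolicy:
    """Hypothetical policy object: default deny, fixed ports, optional domains."""
    allowed_ports: frozenset = ALLOWED_PORTS
    # None = no domain allowlist configured; an empty set denies every host.
    allowed_domains: Optional[frozenset] = None

    def decide(self, host: str, port: int) -> tuple:
        if port not in self.allowed_ports:
            return False, f"port {port} not in allowed set"
        if self.allowed_domains is None:
            return True, "port allowed, no domain allowlist"
        name = _normalize(host)
        for domain in self.allowed_domains:
            d = _normalize(domain)
            # Match the domain itself or a true subdomain (label boundary),
            # so "evil-github.com" does not pass for "github.com".
            if name == d or name.endswith("." + d):
                return True, f"matches allowlisted domain {d}"
        return False, f"host {name} not in domain allowlist"

# Constructed sample connection attempts (hypothetical hosts and allowlist).
DEMO_POLICY = EgressPolicy(allowed_domains=frozenset({"github.com", "registry.npmjs.org"}))
SAMPLE_ATTEMPTS = [
    ("registry.npmjs.org", 443), ("api.github.com.", 443),
    ("evil-github.com", 443), ("github.com.attacker.example", 443),
    ("registry.npmjs.org", 8080), ("GitHub.com", 22),
    ("203.0.113.7", 443),  # IP literal: matches no allowlisted name
]

def evaluate(policy, attempts):
    # One (host, port, allowed, reason) row per attempt.
    return [(h, p, *policy.decide(h, p)) for h, p in attempts]

if __name__ == "__main__":
    for host, port, ok, why in evaluate(DEMO_POLICY, SAMPLE_ATTEMPTS):
        print(f"{'ALLOW' if ok else 'DENY':5} {host}:{port}  ({why})")
```

Matching on a label boundary is the detail that matters: a plain substring or suffix test would let look-alike hosts through the allowlist.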
**IntentLink** catches drift before it ships. The LLM compiles your intent; deterministic tools verify that the implementation matches. Runs on CI.
**Vibe of Home** catalogs the vulnerabilities that vibe coding introduces — patterns not in existing CVE databases.
Security shouldn't be opt-in. It should be the starting point.
---
*— Luisa*