Leipzig Gophers

Hybrid Meetup #59 wrap-up

Secure Agentic Coding with yoloAI

Hybrid meetup #59 took place on Tuesday, Apr 28, 2026, at 19:00 CET, and we had an excellent presentation by Karl Stenerud on his open source agentic sandboxing tool yoloAI and on agentic coding workflows in general.

More often than not, security is an afterthought when working with AI coding agents, and combined with permission fatigue this can lead to fatal security incidents (and mind you, your agents will turn against you).

Even more surprising: process isolation and virtualization have had a very productive decade (and more; Docker appeared in 2013), so we are in a good position to run processes securely in userspace. Yet most agents running on people's machines may run with full system access, because that makes them more useful.

The yoloAI tool acts like a secure wrapper around your agent. Depending on the configuration, it makes a full copy of your workspace, sets up isolation, and works on the copy until completion. You can then ask to apply the changes to your project or keep working.

You can use it with Claude Code and other agents. It supports a variety of isolation approaches: sandbox backends like Docker, Podman, Tart and Seatbelt, and OCI runtime variants like runc, gVisor, Kata Containers and Firecracker.
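The copy-then-review workflow described above, sketched in Go as an added illustration: this is not yoloAI's code, and `CopyWorkspace` and `ChangedFiles` are hypothetical names. It covers only the workspace copy and the review list; isolating the agent process itself is the job of the sandbox backend.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// CopyWorkspace (hypothetical helper) copies dirs and regular files; symlinks are skipped so the copy stays self-contained.
func CopyWorkspace(src, dst string) error {
	return filepath.Walk(src, func(p string, info os.FileInfo, err error) error {
		if err != nil || (!info.IsDir() && !info.Mode().IsRegular()) {
			return err
		}
		rel, _ := filepath.Rel(src, p)
		if info.IsDir() {
			return os.MkdirAll(filepath.Join(dst, rel), 0o755)
		}
		data, err := os.ReadFile(p)
		if err == nil {
			err = os.WriteFile(filepath.Join(dst, rel), data, 0o644)
		}
		return err
	})
}

// ChangedFiles (hypothetical helper) lists files in work that are new or differ from orig; deletions are not reported.
func ChangedFiles(orig, work string) (changed []string, err error) {
	err = filepath.Walk(work, func(p string, info os.FileInfo, err error) error {
		if err != nil || !info.Mode().IsRegular() {
			return err
		}
		rel, _ := filepath.Rel(work, p)
		after, err := os.ReadFile(p)
		before, origErr := os.ReadFile(filepath.Join(orig, rel))
		if err == nil && (origErr != nil || string(before) != string(after)) {
			changed = append(changed, rel)
		}
		return err
	})
	return changed, err
}

func main() {
	orig, _ := os.MkdirTemp("", "orig") // constructed, empty sample project
	work := orig + "-agent"
	CopyWorkspace(orig, work)
	os.WriteFile(filepath.Join(work, "new.go"), []byte("package main\n"), 0o644) // stands in for an agent edit
	fmt.Println(ChangedFiles(orig, work))
}
```

The original tree is never written to; a separate, human-approved step would copy the listed files back.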

AI/Agentic Software Development Lifecycle

The software development lifecycle (SDLC) can change as well - or rather, we adapt and adjust existing approaches to work with AI tools. With ever-growing context windows, good preparation can help an agent remove ambiguity (context window sizes grew from 512 tokens in early BERT/GPT-1 to 1M+ tokens in Google Gemini and other models in 2026).

Here are four stages:

In each phase:

This can take time, and it is a joint workflow of the developer and the agent. Often the first ideas or iterations will look better than they actually are, which is why iteration is important before even a single line of code gets written. In the research phase, tool use and web access will help the agent assemble background material.

More details on this in the Wordle example: Principled Agentic Coding

Wordle in Go

And it works. After a careful research, design and planning phase, we kicked off an agent with a detailed spec, which then ran for a couple of minutes. The agent ended up with a complete implementation of command-line Wordle, written in Go. The result can be found in the following repo:

Misc

[…] Challenges to the security of AI agent systems may undermine their reliability and lessen their utility, stymieing widespread adoption that would otherwise advance U.S. economic competitiveness […]

Thanks!

Thanks again to Karl for bringing security to agents and for sharing his work with us.


Join our meetup to get notified of upcoming events.