Your AI Agent Is Running As Root

Your AI Agent Is Running As Root

From Resilient Cyber by Chris Hughes

April 8, 2026 · 45 min

About this episode

Luke Hinds discusses the security implications of AI coding agents and introduces Sigstore as a solution for software supply chain security.

When you fire up Claude Code, Cursor, or any AI coding agent, it launches with your full system permissions, your SSH keys, cloud credentials, browser passwords, every file on your machine. Most developers never think twice about it. Luke Hinds did. And then he built something about it. Luke is the creator of Sigstore, the cryptographic signing infrastructure now used by PyPI, Homebrew, GitHub, and Google as the industry standard for software supply chain security. In this episode, he joins C...

People in this episode

Host: Chris Hughes

Guest: Luke Hinds

Topics covered

  • AI coding agents
  • software supply chain security
  • cryptographic signing
  • developer security
  • system permissions

Keywords

  • AI agents
  • Claude Code
  • Cursor
  • SSH keys
  • cloud credentials
  • software security
  • cryptography

Mentioned in this episode

Organizations: Sigstore, PyPI, Homebrew, GitHub, Google

More episodes of Resilient Cyber

Explore listener stats, chart rankings, contacts and more on the Resilient Cyber podcast page.