Français

Agent

Securing pi from the Inside: Guards, Scanners, and Audit with pi-secured-setup

2026-05-07 by [Mathias WOLFF]
aisecurityagentpiextension

A few days ago, I covered Greywall — a kernel-level sandbox that contains pi with a deny-by-default approach. That’s your outer wall. But what about threats inside the boundary? The agent that accidentally writes to the wrong project, the .env file that ends up in the LLM context, the skill whose SKILL.md was silently modified. That’s a different problem, and it needs a different tool.

Today I’m releasing pi-secured-setup — a pi extension that adds Guards, Scanners, and an audit trail directly inside the agent. No kernel modules, no containers, no external dependencies. Just a pi install and you’re protected.

Read more >

Securing pi, Your AI Coding Agent, with Greywall: A Practical Guide

2026-05-03 by [Mathias WOLFF] (updated: 2026-05-07)
aisecurityagentsandbox

AI coding agents like pi have become essential daily companions. But by default, pi runs in YOLO mode: full filesystem access, unrestricted command execution, no permissions. It’s a deliberate design choice by its creator, but this freedom comes with real risks. Today, let’s explore Greywall, a tool that sandboxes pi using a deny-by-default approach at the kernel level.

Why Sandbox an AI Coding Agent?

pi in YOLO mode is convenient but risky. Without restrictions, the agent can:

Read more >