Agent Security
Agents in LIT don't operate outside your security model — they operate within it. Every agent action is subject to the same access controls, permissions, and audit trails that govern human users.
Linux-Backed Security
LIT runs on Linux. Agent actions execute under real Linux user accounts with real filesystem permissions. An agent can only read files the user can read, write files the user can write, and execute processes the user can run.
This isn't a custom security layer built on top of an AI system — it's 50 years of battle-tested operating system security applied directly to agent behavior. There are no special AI permissions. There are no privilege escalation paths unique to agents. The security model is the same one that secures every server on the internet.
Agents Operate as Users
When an agent acts on behalf of a user, it acts as that user — with that user's permissions and no more. When an agent acts on behalf of a service account, it operates with that service account's permissions.
This means:
- Agents cannot access data the user cannot access
- Agents cannot escalate privileges beyond the user's role
- All agent file I/O is subject to standard Linux ACLs
- Agent process execution is scoped to the user's environment
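Because an agent inherits exactly what its account can do, it is worth enumerating what that account can modify before binding an agent to it. The following is an added example, not LIT code: the function names `permits` and `writable_by` are hypothetical, and it evaluates classic mode bits only (no POSIX ACL entries, capabilities or MAC policy).

```python
import os
import stat

def permits(st, uid, gids, want):
    """Mode-bit check. The kernel picks ONE class (owner, else group, else
    other) and applies only that class's bits. want: 4=r, 2=w, 1=x.
    Not modelled: uid 0 and capabilities, POSIX ACL entries, MAC policy."""
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want

def writable_by(root, uid, gids):
    """Paths under root the identity could modify. Descends only into
    directories the identity can list and search (r+x)."""
    found, stack = [], [root]
    while stack:
        d = stack.pop()
        st = os.lstat(d)
        if not permits(st, uid, gids, 5):
            continue  # not both listable and searchable: skip the subtree
        if permits(st, uid, gids, 3):
            found.append(d)  # w+x on a directory: create or delete entries
        try:
            names = os.listdir(d)
        except OSError:
            continue  # the auditing process itself cannot read this directory
        for name in names:
            p = os.path.join(d, name)
            pst = os.lstat(p)
            if stat.S_ISDIR(pst.st_mode):
                stack.append(p)
            elif stat.S_ISREG(pst.st_mode) and permits(pst, uid, gids, 2):
                found.append(p)
    return sorted(found)

if __name__ == "__main__":
    import pwd, sys
    # Usage: script.py ACCOUNT ROOT (defaults: current user, current directory)
    account = sys.argv[1] if len(sys.argv) > 1 else pwd.getpwuid(os.getuid()).pw_name
    root = sys.argv[2] if len(sys.argv) > 2 else "."
    pw = pwd.getpwnam(account)
    for path in writable_by(root, pw.pw_uid, set(os.getgrouplist(account, pw.pw_gid))):
        print(path)
```

Run it as root so the walk itself is not limited by the auditor's own permissions; a world-writable file inside a directory the account cannot enter is correctly left out of the result.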
Audit Trail
Every agent action produces a record: what was invoked, when, under which identity, with what inputs and outputs. See Audit Log & Transcripts for the full transparency stack.
Safe Mode
Agents can be configured to run in safe mode — requiring human confirmation before taking any action that modifies state (writing files, running commands, calling external APIs). Safe mode is appropriate for agents with access to sensitive systems or production infrastructure.
For data science work, safe mode is useful when an agent is about to launch a long training run, promote a model to production, or modify a shared feature pipeline — actions that are expensive to reverse. You stay in the loop on the decisions that matter, while the AI handles everything else autonomously.