My AI agent has access to my emails, files, and APIs. It can browse the web, execute shell commands, and interact with third-party services on my behalf โ all while I sleep.
Here's what keeps me up at night. And here's exactly how I lock it down.
๐ฅ๏ธ The Setup
I run a Mac Mini M2 24/7 as a personal AI server. It hosts an autonomous AI agent (powered by OpenClaw) that handles tasks like:
- Reading and drafting emails
- Managing files and documents
- Calling external APIs (calendar, weather, search)
- Running shell commands for DevOps tasks
- Monitoring social media and notifications
It's incredibly productive. It's also a massive attack surface if not properly secured.
After months of running this setup, I've compiled my battle-tested security checklist. Whether you're running AI agents locally or in the cloud, these lessons apply.
๐จ The Real Security Risks (With Examples)
Before the checklist, let me share the actual risks I've encountered:
1. API Key Exposure
Early on, I had API keys hardcoded in config files. One careless git push and those keys could've been on GitHub for the world to see. Bots scan for exposed keys within seconds of a commit.
2. Credential Leaks in Logs
My agent logs every action for debugging. I once found my SMTP password in plain text in a log file โ because the agent logged the full API request including headers. Anyone with read access to those logs had my credentials.
3. Agent Accessing Unintended Personal Data
An autonomous agent with filesystem access can read anything โ tax returns, private keys, personal photos. Without explicit boundaries, it will access whatever seems relevant to the task.
4. Network Exposure
Running a local API server for the agent? If your firewall isn't configured correctly, that endpoint might be accessible to anyone on your network โ or worse, the internet.
5. Unauthorized Outbound Requests
A compromised prompt or plugin could instruct your agent to exfiltrate data by making outbound HTTP requests to an attacker's server. Without egress controls, you'd never know.
โ The Security Checklist
Here's everything I do to keep my 24/7 AI agent locked down:
1. ๐ Isolate Your Agent Environment
Run the agent in a dedicated user account with minimal permissions. On macOS:
# Create a dedicated agent user
sudo dscl . -create /Users/aiagent
sudo dscl . -create /Users/aiagent UserShell /bin/zsh
Never run AI agents under your primary user account.
2. ๐ Use a Secrets Manager โ Never Hardcode Keys
Store all API keys and credentials in environment variables or a vault:
# .env file (chmod 600!)
OPENAI_API_KEY=sk-xxx
SMTP_PASSWORD=xxx
Better yet, use macOS Keychain or a tool like 1Password CLI / age encryption.
3. ๐ Restrict Filesystem Access
Use macOS sandbox profiles or filesystem permissions to limit which directories the agent can read/write:
# Restrict agent workspace
chmod 700 /Users/aiagent/workspace
# Deny access to personal files
chmod o-rwx ~/Documents ~/Desktop ~/Downloads
4. ๐ Bind Services to Localhost Only
If your agent exposes an API or web interface, never bind to 0.0.0.0:
# Good โ loopback only
bind: 127.0.0.1
port: 3000
# Bad โ accessible from network
bind: 0.0.0.0
5. ๐งฑ Configure macOS Firewall Rules
Enable the built-in firewall and block unnecessary inbound connections:
# Enable firewall
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
# Block all inbound by default
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on
6. ๐ซ Control Outbound Traffic (Egress Filtering)
Use a tool like LuLu (free, open-source macOS firewall) to monitor and block outbound connections:
- Whitelist only known API endpoints
- Alert on any unexpected outbound requests
- Block all traffic from the agent user by default
7. ๐ Sanitize All Logs
Strip sensitive data before writing logs:
import re
def sanitize_log(text):
# Remove API keys
text = re.sub(r'(sk-[a-zA-Z0-9]{20,})', '[REDACTED]', text)
# Remove Bearer tokens
text = re.sub(r'Bearer [a-zA-Z0-9\-_.]+', 'Bearer [REDACTED]', text)
return text
8. ๐ Scope Permissions Ruthlessly
Follow the principle of least privilege:
- Read-only access to email? Don't grant send permission.
- Need to read one directory? Don't give full filesystem access.
- API keys should have the minimum required scopes.
9. ๐ Set Up Monitoring & Alerts
Monitor your agent's behavior in real-time:
-
Log aggregation: Use
tail -for a tool like Loki - Resource monitoring: Track CPU/memory spikes (could indicate crypto mining)
- Anomaly detection: Alert on unusual API call patterns
# Simple monitoring: watch for high CPU from agent processes
ps aux | awk '$3 > 80 {print $0}'
10. ๐ Rotate Credentials Regularly
Set calendar reminders to rotate:
- API keys (monthly)
- Access tokens (weekly if possible)
- SSH keys (quarterly)
Automate this where possible.
11. ๐ก๏ธ Enable macOS Security Features
Take advantage of built-in protections:
- FileVault: Encrypt your entire disk
- Gatekeeper: Only allow signed apps
- System Integrity Protection (SIP): Never disable it
- Lockdown Mode: Consider it for high-security setups
12. ๐ Use a VPN for Agent Traffic
Route your agent's outbound traffic through a VPN to:
- Prevent ISP snooping
- Add an extra layer of network security
- Geo-restrict API access if needed
13. ๐ธ Snapshot & Backup Your Config
Before major changes:
# Time Machine snapshot
tmutil localsnapshot
# Manual config backup
tar czf ~/backups/agent-config-$(date +%Y%m%d).tar.gz \
~/.openclaw/ --exclude='*.log'
14. ๐งช Audit Agent Actions Weekly
Review what your agent actually did:
- Check command history
- Review API call logs
- Verify no unauthorized file access
- Scan for any new network connections
15. ๐จ Have a Kill Switch
Always have a way to immediately stop your agent:
#!/bin/bash
pkill -f "agent-process"
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on
echo "Agent killed and network locked at $(date)"
๐ ๏ธ Free Security Tools
I've put together some free tools and resources for securing AI agent setups:
๐ AI Agent Security Toolkit โ Free configuration templates, firewall rules, and monitoring scripts specifically designed for local AI agent deployments.
These include:
- macOS firewall configuration templates
- Log sanitization scripts
- Permission audit checklists
- Network monitoring dashboards
๐ Want the Full Guide?
This checklist covers the essentials, but there's much more to securing autonomous AI agents โ especially around:
- Advanced threat modeling for AI agents
- Container isolation strategies
- Automated security scanning pipelines
- Incident response playbooks
- Compliance considerations (GDPR, SOC2)
I've written a comprehensive security guide covering all of this in depth:
๐ The Complete AI Agent Security Guide โ 50+ pages of detailed configurations, scripts, and strategies for running AI agents safely in production.
Final Thoughts
Running an AI agent 24/7 is powerful. But with great autonomy comes great responsibility (yes, I went there ๐ท๏ธ).
The biggest lesson I've learned: security isn't a one-time setup โ it's a continuous practice. I revisit this checklist monthly, and I've caught issues every single time.
Start with the basics โ isolate, encrypt, monitor. Then layer on more controls as your agent's capabilities grow.
Stay safe out there. ๐
What security measures do you use for your AI agents? Drop a comment โ I'd love to compare notes.
๐ Want More?
I'm building an AI-powered revenue machine that runs 24/7 โ from micro-SaaS tools to games to digital products, all automated with AI agents.
Follow me here on Dev.to to get weekly insights on:
- ๐ค AI automation that actually makes money
- ๐ฎ Game dev with AI agents (Godot + TDD)
- ๐ ๏ธ Building micro-SaaS tools from scratch
- ๐ Indie hacker growth strategies
๐ค More From Me
๐ฆ DonFlow โ Budget Drift Detector โ Plan vs reality budget tracking, 100% in your browser. No backend, no tracking.
๐ ๏ธ 18+ Free Dev Tools โ Browser-based, no install needed.
๐ฎ 27+ Browser Games โ Built with AI agents.
๐ฆ AI Agent Prompt Collection โ Templates for your own setup.
If this was useful, drop a โค๏ธ โ it helps more devs find it!
Got questions? Drop them in the comments โ I read every one.
Top comments (0)