Security on Unbound Forcehttps://unboundforce.dev/tags/security/Recent content in Security on Unbound ForceHugoen-USCopyright (c) 2025-2026 Unbound ForceSun, 03 May 2026 00:00:00 +0000Stop Leaking Cloud Credentials to Your AI Containers — uf gateway Credential Isolationhttps://unboundforce.dev/blog/gateway-credentials/Sun, 03 May 2026 00:00:00 +0000https://unboundforce.dev/blog/gateway-credentials/<h2 id="the-problem">The Problem</h2> <p>Running AI agents in containers requires LLM API access. The agent needs to call Claude, but the cloud credentials — Google Cloud OAuth tokens, AWS session credentials, Anthropic API keys — live on the host machine. Getting those credentials into the container is where things go wrong.</p>Isolate Your AI Agents with uf sandbox — Containerized OpenCode Sessions via Podmanhttps://unboundforce.dev/blog/sandbox-isolation/Sun, 03 May 2026 00:00:00 +0000https://unboundforce.dev/blog/sandbox-isolation/<h2 id="the-problem">The Problem</h2> <p>AI coding agents are powerful collaborators, but they run with the same filesystem access as any other process on your machine. When an agent executes a command, it is real — <code>rm -rf</code>, <code>git push --force</code>, a corrupted <code>.git</code> directory, a rewritten configuration file. The damage is immediate and often irreversible.</p>