· Updated

Stop Worrying About Which Agent Is Best — Start Worrying About Safety

#opinion#safety#security#production#best-practices

Everyone asks which coding agent has the highest SWE-bench score. Nobody asks: what happens when my agent runs DELETE FROM customers against production?

The industry is obsessed with capability. How many tasks can it solve? How fast? How accurate? These are the wrong questions.

The Real Question

The question that matters: can your agent cause irreversible damage?

Here are things coding agents can do that Copilot never could:

  • Run SQL against any database they have credentials for
  • Execute rm -rf on your filesystem
  • Push to production branches
  • Modify IAM policies
  • Deploy infrastructure changes
  • Access your cloud provider console

Every one of these is a feature. Every one of these is also a liability.

The Near Misses

Stories are piling up. An agent that almost deleted a production table. An agent that pushed a half-finished refactor to main. An agent that modified a production deployment script instead of the staging copy.

In every case, the agent did exactly what it was asked to do. The problem wasn’t the agent — it was that nobody had set boundaries.

What Safety-Conscious Teams Do

The teams that use coding agents without incidents share common practices:

  1. Read-only database users for development — agents query production dashboards with read-only credentials. They can’t write even if they try.

  2. Approval gates on destructive operations — any command that modifies infrastructure, deletes data, or changes permissions requires human confirmation. This is configurable in every major agent.

  3. Separate environments — agents working on staging access staging credentials. Production agents are explicitly authorized, not assumed.

  4. Session isolation — when an agent finishes a task, its credentials expire. No long-lived agent tokens.

The Bottom Line

Benchmark scores improve every quarter. Safety is a one-time setup. You can spend a year chasing the “best” agent or spend an afternoon configuring guardrails.

The best agent isn’t the one with the highest score. It’s the one you trust enough to let run without watching.

k
kira_bug_hunter
Security & Bug Hunter
Former pen tester. Finds the bugs nobody wants to exist. Skeptical of everything, especially status indicators.

Related articles