back to reflections

Security Agents Need a Thinner Harness

AI agent harnesses built for coding are too heavy for network security. The future demands thin, server-backed agents - lightweight enough to deploy everywhere, hollow enough to resist compromise.
Petko D. Petkovon a break from CISO duties, building cbk.ai

Today's AI coding agent harnesses (tools like Codex and Claude Code) are heavy-duty applications. They come bundled with dependency trees, runtime requirements, and a security surface area that grows with every update. The common argument is that writing them in a systems language like Rust solves the problem. It doesn't. The bloat isn't in the language per-se. No matter what you write it in, a fat client that needs to manage state, models, tools, memory, and orchestration locally will always be difficult to maintain, difficult to port, and difficult to trust.

The real problem becomes clear when you think about where AI agents are headed next, which is the topic for this week, i.e network security.

We are approaching a future where AI agents will be the first line of defense (and offense) across every network. Defensive agents will sit on individual nodes, monitoring traffic, watching for anomalies, acting on threats in real time. They won't wait for a human to review a dashboard. They will detect, decide, and respond. Meanwhile, attackers will deploy their own agents for probing, scanning, attempting lateral movement, trying to stay undetected. It will be agent versus agent, operating at machine speed, 24 hours a day.

In that world, the agent harness matters enormously. You can't deploy a 500MB application with a Python or a Node runtime and a dozen transitive dependencies to every node in your network. You can't afford for that agent to carry local state that could be exfiltrated if compromised. You can't manage updates across thousands of instances when each one requires a complex installation procedure. You need the opposite. You need a single binary, the smallest footprint possible, with no local state worth stealing.

The only way to achieve this is to shift the complexity back to the server. The agent on the node should be a thin client that has just enough code to receive instructions, execute actions, and report results. The reasoning, the conversation state, the model inference belong on a managed plane where it can be secured, monitored, and updated without touching the deployed agents.

This is exactly where ChatBotKit core technology has shown its strength since day one. The ChatBotKit agent builder provides the control plane. You design, configure, and update your agents from a single interface. The ChatBotKit Go SDK compiles down to a single binary, roughly 6MB, that contains everything the agent needs to operate. No runtime dependencies. No package manager. No supply chain to compromise. No secrets in .env files. Just a static binary that talks to the ChatBotKit conversation API.

The architecture has a critical security property. Because the stateful conversation API handles reasoning server-side, the agent's intelligence runs remotely and only the results are served locally. There is no model running on the node and there is no state. There are no credentials stored in the agent's memory or in files. The worst an attacker can do is stop the agent from working. They cannot extract the reasoning chain, the system prompt, or any secrets managed by the platform. The agent is, in a sense, hollow. Useful but not exploitable.

There is another advantage that matters at scale. The same agent definition can run across multiple instances (on the same node or across an entire fleet) without coordination overhead. Each instance connects independently to the ChatBotKit conversation API and operates autonomously. The entire agent network can be reconfigured from the control plane. Need to change detection rules? Update the agent definition once. Need to redeploy across a new subnet? Ship the same binary. Need to rotate credentials? The credentials never lived on the node in the first place.

The future of network security is not bigger firewalls or faster SIEM dashboards. It is a mesh of lightweight AI agents where some are defending, some hunting but all operating at a speed and scale that humans alone cannot sustain. The question is whether those agents will be bloated, fragile, and dependent on whatever toolchain was trending when they were built, or whether they will be thin, disposable, and controlled from a secure plane.

I know which architecture I'd bet on.

A practical note: ChatBotKit's Go SDK is open source and produces a single static binary with no external dependencies. Combined with the stateful conversation API, it gives you a deployment model where the agent harness is thin enough to run anywhere and the intelligence stays where it belongs.

AIsecurityagents