Matthew Slipper

Huge launch. Self-hosted agent systems are the future, and egress enforcement is what makes them safe. iron-proxy is the egress layer inside centaur. We went deep on the hard parts like OAuth brokering, HMAC signing, and Postgres MITM for RLS.

This is really cool to see. Self-hosted sandboxes + default-deny egress is the future. Most iron-proxy users are already running agents in their own VPCs; now they can run Claude Managed Agents there too.

This is available in iron-proxy v0.23.0+. Release notes here: https://t.co/6l5HW5sbY3

Pin versions, set a minimum release age, and run an egress proxy in front of anything running potentially untrusted code. Do this now, before this happens again next week.

Seeing more and more folks opting to bring their own compute rather than using sandboxes. Boring EC2 instances / k8s pods often work just fine.

https://t.co/7UVrk8f2OX

The deletions will continue until egress control improves

5/ This matters especially for coding agents. Even if the agent gets prompt-injected into posting a "comment" full of secrets, the comment still has to pass the judge. If your agent can reach GitHub, today's a good day to secure it. https://t.co/86wmD5kQwS

1/ Malware continues to dump secrets on GitHub. Today's Bitwarden CLI backdoor is just the latest of many examples. Hostname allowlists can't tell good GitHub traffic from bad. You need a filter that actually understands the GitHub API. Here's how.