That’s a very accurate analogy.

What’s amazing is that during the last decade, containers and microvms have had huge impact on the ecosystem. Yet a huge amount of devs seem to just YOLO it and run agents in their host with full ambient capabilities.

Well said! We built in protections to multi-user and single user systems, but now we seem to be relearning them…your agent is not “you” and should probably not run as the same user with the same default permissions as “you”