How do I secure AI agents with file system access?
An AI agent with file system access inherits every permission of the process it runs as: it can read credentials, overwrite configuration, delete data, and plant backdoors in any file that process can touch. File system governance is therefore a baseline security requirement for any agent with local disk access, not an optional hardening step.
File system attack patterns:
- Credential theft: Reading ~/.ssh/id_rsa, ~/.aws/credentials, or .env files containing API keys and secrets
- Configuration tampering: Modifying /etc/hosts, nginx.conf, or .bashrc to redirect traffic or install persistence mechanisms
- Data destruction: Deleting databases, logs, or backup files to cover tracks or cause denial of service
- Backdoor installation: Writing malicious scripts to startup directories or cron jobs
- Data staging: Copying sensitive files to a world-readable directory for later exfiltration
Exogram's Gate 6 (Filesystem Guard) blocks writes to critical system paths: /etc/, /root/, /var/, /usr/, /bin/, ~/.ssh/. Combined with Gate 5 (compute execution guard), which governs shell commands, this covers both direct file operations from the agent's tools and indirect ones routed through a shell (a cp, tee, or crontab invocation reaching the same paths). Within its designated workspace the agent can read and write; any access outside that workspace is blocked.
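To make the two rules above concrete (workspace confinement plus a write deny-list on system paths), here is an added example of such a guard in Python. It is illustrative code written for this page, not Exogram's implementation; the function names check_access, guarded_open and demo, and the temporary directories the demo builds, are assumptions. The one design point it adds beyond the prose is that every decision is made on the resolved path, so a symlink planted inside the workspace or a ../ component cannot escape it, and the deny-list still holds when the workspace is misconfigured as /.

```python
import os
import tempfile
from pathlib import Path

# Write-blocked prefixes as listed for Gate 6 on this page; ~/.ssh is expanded
# for the current user. A real deployment would load these from policy.
DEFAULT_DENY_WRITE = ("/etc", "/root", "/var", "/usr", "/bin",
                      os.path.expanduser("~/.ssh"))


class FsPolicyError(PermissionError):
    """Raised when an agent file operation violates the filesystem policy."""


def _canonical(path):
    # realpath resolves symlinks and '..' components. For a path that does not
    # exist yet (a file about to be created) it resolves the existing prefix,
    # so a symlinked parent directory is still followed before the check.
    return Path(os.path.realpath(path))


def _is_within(child, parent):
    try:
        child.relative_to(parent)
        return True
    except ValueError:
        return False


def check_access(path, op, workspace, deny_write=DEFAULT_DENY_WRITE):
    """Return the canonical path if `op` ('read' or 'write') on `path` is allowed.

    Two rules, both evaluated on the resolved path, never on the string the
    agent supplied: (1) every access must land inside the workspace;
    (2) writes may never land under a deny-listed system prefix, even when the
    workspace was misconfigured to contain it (defence in depth, e.g. workspace='/').
    """
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation {op!r}")
    target = _canonical(path)
    ws = _canonical(workspace)
    if not _is_within(target, ws):
        raise FsPolicyError(f"{op} of {path!r} resolves to {target}, outside workspace {ws}")
    if op == "write":
        for prefix in deny_write:
            if _is_within(target, _canonical(prefix)):
                raise FsPolicyError(f"write to {target} blocked: under protected prefix {prefix}")
    return target


def guarded_open(path, mode, workspace):
    """open() replacement for agent tool code: policy check first, then open the canonical path."""
    op = "read" if mode in ("r", "rb") else "write"
    return open(check_access(path, op, workspace), mode)


def demo():
    """Build a throwaway workspace (constructed test data) and exercise the guard.

    Returns a dict mapping scenario -> True if the access was allowed.
    """
    ws = tempfile.mkdtemp(prefix="agent-ws-")
    outside = tempfile.mkdtemp(prefix="not-ws-")
    # A symlink planted inside the workspace that points outside it.
    os.symlink(outside, os.path.join(ws, "link"))

    def allowed(path, op, workspace=ws):
        try:
            check_access(path, op, workspace)
            return True
        except FsPolicyError:
            return False

    # Round trip through guarded_open on a file that lives inside the workspace.
    with guarded_open(os.path.join(ws, "notes.txt"), "w", ws) as f:
        f.write("hello")
    with guarded_open(os.path.join(ws, "notes.txt"), "r", ws) as f:
        roundtrip = f.read() == "hello"

    return {
        "write_inside": allowed(os.path.join(ws, "notes.txt"), "write"),
        "write_via_symlink": allowed(os.path.join(ws, "link", "payload.sh"), "write"),
        "read_via_dotdot": allowed(os.path.join(ws, "..", os.path.basename(outside), "x"), "read"),
        "read_ssh_key": allowed(os.path.expanduser("~/.ssh/id_rsa"), "read"),
        # Workspace misconfigured as '/': a read of /etc/hosts passes rule 1,
        # but a write to it still trips rule 2.
        "root_ws_read_hosts": allowed("/etc/hosts", "read", "/"),
        "root_ws_write_hosts": allowed("/etc/hosts", "write", "/"),
        "roundtrip": roundtrip,
    }


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario:22s} {'ALLOW' if ok else 'DENY'}")
```

The guard is only as good as its placement: it has to sit in the tool that performs the I/O (or in a shell wrapper, which is what Gate 5 adds), because a policy check on the path string the model emitted is bypassed the moment that string is resolved differently by the kernel than by the checker.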
Ready to secure your AI infrastructure?
Deploy deterministic execution governance on your AI agents — 500 free API calls, no credit card.