Layer 3: Operational Boundaries

What is AI agent blast radius and how do you contain it?

AI agent blast radius is the maximum damage an agent can cause if it malfunctions, is compromised, or follows malicious instructions. In most deployments the blast radius is "everything the agent holds credentials for", and that is usually far more than any single task needs.

Blast radius is determined by three factors:

  • Credential scope: What API keys, database connections, and service accounts does the agent have access to?
  • Action speed: How many destructive operations can the agent execute before anyone notices? (PocketOS: 9 seconds)
  • Recovery difficulty: Can the damage be reversed? Deleted databases, sent emails, and financial transactions often cannot

Containment strategies:

  1. Least-privilege credentials: Scope API keys to the minimum required permissions (necessary but insufficient: a correctly scoped key still permits every destructive operation inside that scope)
  2. Execution governance: Validate every action against policy before it executes, and deny by default (Exogram's approach)
  3. Rate limiting: Cap the number of state-changing operations per agent per time window, so a runaway loop is stopped after a handful of writes rather than after thousands
  4. Namespace isolation: Each agent operates in a sandboxed execution context with its own credentials and state, so one compromised agent cannot reach another's
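The following is an added illustration of strategies 1 to 3 composed into a single pre-execution gate; it is example code written for this page, not Exogram's implementation or any real product's API. The policy table, agent names, tool names and SQL samples are constructed. Every tool call is classified, checked against a per-agent allowlist (least privilege), screened for the irreversible cases called out above (an UPDATE or DELETE with no WHERE clause), and then counted against a sliding-window limit on state-changing operations (rate limiting). Namespace isolation is modelled only by keying the tables on the agent name.

```python
"""Pre-execution policy gate for agent tool calls (illustrative, not Exogram's code)."""
from collections import deque
from dataclasses import dataclass, field
import re
import time

# Constructed sample policy: which tools and operations each agent namespace may use.
# Anything not listed is denied.
POLICY = {
    "billing-agent": {"sql": {"select", "update"}, "email": {"send"}},
    "reporting-agent": {"sql": {"select"}},
}

# Operations that mutate state and therefore count against the rate limit.
STATE_CHANGING = {("sql", "update"), ("sql", "delete"), ("sql", "drop"), ("email", "send")}

_SQL_VERB = re.compile(r"^\s*(select|insert|update|delete|drop|truncate|alter)\b", re.I)


@dataclass
class RateLimiter:
    """Sliding-window counter: at most max_ops events per key within window_s seconds."""
    max_ops: int
    window_s: float
    _events: dict = field(default_factory=dict)

    def allow(self, key, now=None):
        now = time.monotonic() if now is None else now
        q = self._events.setdefault(key, deque())
        while q and now - q[0] > self.window_s:   # drop events outside the window
            q.popleft()
        if len(q) >= self.max_ops:
            return False
        q.append(now)
        return True


def classify(tool, args):
    """Map a raw tool call onto the operation names used in POLICY."""
    if tool == "sql":
        m = _SQL_VERB.match(args.get("query", ""))
        return m.group(1).lower() if m else "unknown"
    if tool == "email":
        return "send"
    return "unknown"


def gate(agent, tool, args, limiter, now=None):
    """Decide whether an agent's tool call may execute. Returns (allowed, reason)."""
    op = classify(tool, args)

    # 1. Least privilege: the (tool, operation) pair must be allowlisted for this agent.
    if op not in POLICY.get(agent, {}).get(tool, set()):
        return False, f"policy: {agent} may not run {tool}.{op}"

    # 2. Governance check for an irreversible case: a write with no WHERE clause
    #    touches every row, which is the "deleted database" failure mode.
    if tool == "sql" and op in {"update", "delete"} \
            and not re.search(r"\bwhere\b", args.get("query", ""), re.I):
        return False, "policy: unbounded write (no WHERE clause)"

    # 3. Rate limiting: only state-changing operations consume budget.
    if (tool, op) in STATE_CHANGING and not limiter.allow(agent, now):
        return False, f"rate limit: {agent} exceeded state-changing ops in window"

    return True, "ok"


if __name__ == "__main__":
    # Constructed burst: a looping agent issuing five UPDATEs in four seconds.
    lim = RateLimiter(max_ops=3, window_s=60)
    calls = [
        ("billing-agent", "sql", {"query": "SELECT * FROM invoices"}),
        ("billing-agent", "sql", {"query": "DROP TABLE invoices"}),
        ("billing-agent", "sql", {"query": "UPDATE invoices SET paid=1"}),
    ] + [("billing-agent", "sql", {"query": f"UPDATE invoices SET paid=1 WHERE id={i}"})
         for i in range(5)]
    for t, (agent, tool, args) in enumerate(calls):
        print(gate(agent, tool, args, lim, now=float(t)), args["query"])
```

The interesting property is the composition: the admin-scoped key in the example can still technically execute `DROP TABLE`, but the call never reaches the database because the gate denies by default and the limiter caps how fast a misbehaving loop can burn through the operations that are allowed.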

Exogram reduces blast radius to zero for policy-violating actions that are routed through it. An agent with admin database credentials can still only execute operations that pass all 8 policy gates. The credentials provide capability. Exogram provides constraint.

Ready to secure your AI infrastructure?

Deploy deterministic execution governance on your AI agents — 500 free API calls, no credit card.

✓ 500 free API calls/mo
✓ 0.07ms enforcement latency
✓ Works with LangChain, CrewAI, MCP