Securing Your AI Agent Infrastructure



Teri Radichel :: Security and Technology Research


AWS Security

Governance, security, and cost control matter with AI more than ever

Teri Radichel

May 27, 2026


I explained my journey down the path of using AI to code a bootstrap script to secure an AWS organization in a prior post called What I’ve Vibe Coded in 2.5 Weeks. But that post was more about the value of AI in creating the script, compared to the non-AI attempt, than about the actual contents of the script and the architecture of what I am deploying. I was able to do almost as much or more in 2.5 weeks than I did in four years in a prior attempt.

In this and the related posts I want to explain what is in the script and why. I started this journey to securely deploy batch jobs (now AI agents) because I wanted to quickly tell someone how to write a batch job and provide some code to do that. As I have explained before, an AI agent is like a batch job that uses AI somewhere inside it to carry out its task.

Giving someone code to run a batch job or AI agent is simple. I’ve written some blog posts on agents already. Writing some code to do something was never that hard, even before AI. The problem is that if I just gave someone code to run a batch job, where would they run it? I was promoting deterministic batch jobs for security use cases, but if people did not deploy them in a secure manner (like OpenClaw, poorly written AI vibe-coded software, on a Mac Mini on an unsecured network with access to way too much data) they might get hacked and blame me because I provided the code and the idea.

So I set out to show how to create a secure environment to run the batch jobs with proper networking, encryption, and IAM controls. But then it became a question of how do I deploy those things? And are the tools I use to deploy those things secure? And where do I start if I have a brand new AWS Organization? And what if I’m in a large company where different people are responsible for deployment of different resources, like a network team and an encryption team? And how do I set up a production and development environment so I’m not testing and changing code in production directly (secure software development 101)?

If you are a new vibe coder, those are all the things that organizations do and in some cases must do to be compliant with regulations. There are reasons for all of that: to keep software secure. So what the script I have been writing does is set up an AWS account with a lot of security controls deployed automatically. It basically sets up my whole environment and AWS account to handle the things a large company will need and that a person trying to secure a smaller company should be doing as well.

What I realized when I tried to share my other posts with people new to security and AWS, or even someone experienced in AWS, was that they were a bit hard to follow. They are kind of a stream of consciousness where I was hacking on and researching how to deploy an AWS organization and various security controls. It was complicated, I hit a lot of bugs and cryptic error messages along the way, and I wrote about those. I also tested out some new ideas behind the scenes that I never wrote about.

I’m going to start from the top in this series and explain how I’m deploying an organization these days, with some new insights and ideas, in a more step-by-step manner that will hopefully be easier to follow. I’m not going to go into the nitty-gritty details, so you’ll need to refer to my prior posts for some of that. It will incorporate a few new ideas.

I will start by explaining why. Why do I need to deploy all these things instead of just firing up an EC2 instance and running my agents on it, or using a Lambda function without a VPC? Well, for one thing, all those vulnerabilities found by AI agents won’t be reachable if the workloads are behind network controls or have other controls like encryption and MFA in place. A layered approach to security, otherwise known as Defense in Depth, will help you more than a single security control alone.

Risk, Security, and Governance

The goal of this method of architecting an organization is to build in security and governance to reduce risk from the ground up. For starters, you have to understand those terms and why they matter.

Risk: any vulnerability, misconfiguration, or architectural flaw that exposes your cloud environment to security breaches, compliance violations (i.e. fines and fees for not following industry or government regulations), or unexpected financial costs.

Security: the controls, rules, and policies that prevent malicious access, unintended harm, or a data breach in your AWS account (in other words, the goal of security is to reduce risk).

Governance: processes used to ensure adherence to your security and internal organization rules and policies, as well as those mandated by external regulations that could lead to...

