We let an agent touch production code to fix CVEs. That is either automation or a supply chain incident, depending on how honest your architecture is.

PatchPilot started simple: find vulnerable dependencies, patch them, open a PR, let CI prove the fix, move on. Then reality showed up. The agent needed repository access, CI logs, credentials, and a Docker socket. Without that, it was useless. With it, every security reviewer in the room had a point.

This is the production case study: what we gave the agent, what we refused, what infosec pushed back on, and where they were right. We will cover scoped permissions, constrained PRs, audit trails, approval gates, CI evidence, credential boundaries, and the gap between "it generated a patch" and "we can defend this change."

Agentic remediation is not just developer productivity. It is a new participant in your software supply chain.
Security sessions at AI Engineer World's Fair 2026 in San Francisco.
Tuesday, June 30, 2026
11:40 AM - 12:00 PM · 20m
Track 5 · Room 2005
Capacity: 250 attendees

Moritz Johner
Platform Architect / Senior Software Engineer
Form3
Moritz is a platform architect, open source maintainer and contributor in the Kubernetes ecosystem with a strong interest in information security and automation. He's employed at Form3 and currently operating a true multi-cloud Kubernetes platform across three cloud providers and bare-metal.