AI coding agents are already shipping production code. Most teams using them haven't updated their security model to match.
The Secure Harness: Shipping Production Code with AI Coding Agents is a practical, plain-English guide to using Claude Code, Copilot, Codex, and the agents that will come after them - without waking up to a bad Tuesday afternoon.
It introduces the Secure Harness: an interlocking set of technical and organizational controls that lets agents do useful work inside defined boundaries you set, enforce, and audit.
This is not a product comparison, not an OWASP walkthrough, and not an offensive security manual. It is a calm, opinionated look at how agentic development actually works, where it breaks, and what you have to build to make it safe enough for production.
What you will learn:
- How AI coding agents really work, and how the AI-first workflow differs from the one you grew up with
- A practical threat model for agentic development - prompt injection, excessive agency, supply chain risk
- How to harden the local environment with sandboxes, permissions, hooks, and policy layers
- How to evaluate, configure, and build secure MCP servers
- How to reason about multi-agent systems and agent-to-agent communication
- How to review agent-written code, release it safely, and maintain it over time
- How to set organizational defaults so your team does not have to invent this themselves

What you will get:
- 480 pages across four parts and nineteen chapters
- 4 worked scenarios, written in the voice of an incident report, showing how the harness holds (and how it fails when pieces are missing)
- 15 copy-pasteable reference artifacts - hook scripts, permission configurations, release gates, review checklists, policy one-pagers, MCP tool templates, and more
- 4 appendices, including a full glossary and an annotated further-reading list
- A unifying mental model - the Secure Harness - you can apply immediately, whether you are one developer on a laptop or a platform team setting defaults for the whole organization

Who this book is for:
- Developers who want to move faster without sacrificing safety
- Engineering leads and staff engineers building team-wide workflows
- Security and platform teams setting defaults for the organization
- Technical founders shipping whole products with agents
- Curious technical readers - PMs, designers, executives - who want to understand what is actually happening under the hood

Autonomy without boundaries is chaos. Autonomy inside a harness is infrastructure. This book is about building that harness.