The Secure Harness

AI coding agents are already shipping production code. Most teams using them haven't updated their security model to match.

The Secure Harness: Shipping Production Code with AI Coding Agents is a practical, plain-English guide to using Claude Code, Copilot, Codex, and the agents that will come after them - without waking up to a bad Tuesday afternoon.

It introduces the Secure Harness: an interlocking set of technical and organizational controls that lets agents do useful work inside defined boundaries you set, enforce, and audit.

This is not a product comparison, not an OWASP walkthrough, and not an offensive security manual. It is a calm, opinionated look at how agentic development actually works, where it breaks, and what you have to build to make it safe enough for production.

• How AI coding agents really work, and how the AI-first workflow differs from the one you grew up with
• A practical threat model for agentic development - prompt injection, excessive agency, supply chain risk
• How to harden the local environment with sandboxes, permissions, hooks, and policy layers
• How to evaluate, configure, and build secure MCP servers
• How to reason about multi-agent systems and agent-to-agent communication
• How to review agent-written code, release it safely, and maintain it over time
• How to set organizational defaults so your team does not have to invent this themselves

• 480 pages across four parts and nineteen chapters
• 4 worked scenarios, written in the voice of an incident report, showing how the harness holds (and how it fails when pieces are missing)
• 15 copy-pasteable reference artifacts - hook scripts, permission configurations, release gates, review checklists, policy one-pagers, MCP tool templates, and more
• 4 appendices including a full glossary and annotated further-reading list
• A unifying mental model - the Secure Harness - you can apply immediately, whether you are one developer on a laptop or a platform team setting defaults for the whole organization

• Developers who want to move faster without sacrificing safety
• Engineering leads and staff engineers building team-wide workflows
• Security and platform teams setting defaults for the organization
• Technical founders shipping whole products with agents
• Curious technical readers - PMs, designers, executives - who want to understand what is actually happening under the hood

Autonomy without boundaries is chaos. Autonomy inside a harness is infrastructure. This book is about building that harness.