Skills
Give the agent its own principal, separate from the user's, so you can revoke one without the other
Anthropic's containment design uses separate principals for user identity and agent identity, which lets either set of credentials be revoked independently when an agent session is compromised. Their February 2026 incident — an employee phished into running a malicious prompt that exfiltrated AWS credentials on 24 of 25 attempts — is the case this design answers. Single shared identity means a compromised agent session forces you to burn the human's credentials too.
↳ Follow the thread