Agent Trust Boundary
An agent trust boundary is the explicit security line that defines which information, files, tools and outputs an AI agent is allowed to trust. In traditional software, trust boundaries usually sit between a user, an application server and a database. In coding agents and autonomous workflows, the boundary moves: the agent reads repository files, runs commands, calls APIs and processes content that may itself be hostile. A strong trust boundary separates system instructions from project files, treats external content as untrusted data, limits write and network permissions, and requires checks before the agent can affect code, builds or deployments. This matters for prompt injection, supply-chain risk and tool use because malicious instructions in READMEs, tickets, logs or web pages can look like normal task context. The boundary is not a single product feature; it is a design principle across runtime, permissions, logging and human approvals. Without it, a production agent can read too broadly, execute too much and make failures visible only after damage has already happened.
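As an added illustration (not code from this page or from any particular agent product), the following hypothetical Python policy gate enforces the properties described above: a tool request attributed to external content is refused as data rather than instruction, writes are confined to allowlisted paths under the repository root, network access is allowlisted, high-impact actions wait for human approval, and every decision is logged. `TrustPolicy`, `ToolCall`, the tool names, the repository path and the hostname are all constructed for the example.

```python
"""Hypothetical trust-boundary gate for a coding agent (added example, not from the page)."""
import posixpath
from dataclasses import dataclass, field
from urllib.parse import urlparse

APPROVAL_REQUIRED = {"run_build", "git_push", "deploy"}  # high-impact: a human must sign off


@dataclass
class ToolCall:
    tool: str                 # "read_file", "write_file", "http_get", "deploy", ...
    target: str = ""          # path or URL the tool would act on
    provenance: str = "user"  # "system"/"user" = trusted principals, "content" = untrusted data


@dataclass
class TrustPolicy:
    repo_root: str = "/workspace/repo"                     # constructed path
    writable_prefixes: tuple = ("src/", "tests/")          # the agent may only edit here
    network_allowlist: tuple = ("api.example.internal",)   # constructed hostname
    log: list = field(default_factory=list)                # every decision is recorded

    def decide(self, call: ToolCall) -> str:
        """Return 'allow', 'deny' or 'needs_approval' and log the decision."""
        verdict = self._evaluate(call)
        self.log.append((call.tool, call.target, call.provenance, verdict))
        return verdict

    def _evaluate(self, call: ToolCall) -> str:
        # Text that arrived from READMEs, tickets, logs or web pages is data, never an
        # instruction: a tool request whose origin is that content is refused outright.
        if call.provenance == "content":
            return "deny"
        if call.tool in APPROVAL_REQUIRED:
            return "needs_approval"
        rel = self._repo_relative(call.target)
        if call.tool == "read_file":
            return "allow" if rel is not None else "deny"
        if call.tool == "write_file":
            return "allow" if rel is not None and rel.startswith(self.writable_prefixes) else "deny"
        if call.tool == "http_get":
            host = urlparse(call.target).hostname or ""
            return "allow" if host in self.network_allowlist else "deny"
        return "deny"  # default deny for any tool the policy does not know

    def _repo_relative(self, path: str):
        # Lexical normalisation only (no filesystem access), so '..' escapes and absolute
        # paths outside the root are caught before the tool ever runs.
        full = posixpath.normpath(posixpath.join(self.repo_root, path))
        if full != self.repo_root and not full.startswith(self.repo_root + "/"):
            return None
        return full[len(self.repo_root) + 1:]
```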