This AI Agent Is Designed to Not Go Rogue

Security engineer Niels Provos has launched IronCurtain, an open-source framework designed to add critical safety controls to increasingly popular but chaotic AI agents like OpenClaw. These agents, which can access digital accounts to perform tasks from email management to customer service disputes, have recently caused significant problems including mass email deletions and phishing attacks. IronCurtain addresses this by running agents in isolated virtual machines and implementing a policy layer—essentially a user-written 'constitution' in plain English—that mediates all actions. The system converts natural language rules into enforceable security policies through a multi-step LLM process, creating predictable red lines that prevent agents from going rogue.

IronCurtain's technical approach separates the assistant agent from direct system access, using a model context protocol server as an intermediary. Users can write simple policies like 'The agent may read all my email' or 'Never delete anything permanently,' which the system enforces deterministically. This model-independent framework maintains audit logs of all policy decisions and refines rules over time as it encounters edge cases. Cybersecurity researcher Dino Dai Zovi notes that unlike current permission systems that burden users with constant approvals, IronCurtain actually removes dangerous capabilities like file deletion from the agent's reach entirely. While currently a research prototype, the project represents a crucial step toward making AI agents both useful and safe for real-world deployment.