RC-401b · Module 1

Single Agent Hardening

3 min read

Security is not a phase. It is not a sprint you schedule after the features are done. It is a property of every line of configuration you write from minute one. When 30,000 OpenClaw deployments shipped without authentication, 93% ended up with exploitable vulnerabilities. The lesson is not "add security later." The lesson is that "later" never arrives.

Single-agent hardening applies three AS-track security patterns before the agent processes its first real request: prompt injection defense, secrets management, and network isolation. These are not optional modules you bolt on. They are structural requirements, like rebar in concrete. Remove them and the structure stands until the first lateral load — then it collapses all at once.

Do This

  • Enforce least privilege from day one — the agent gets only the tools it needs, scoped to the paths and hosts those tools need, and everything else is denied by default
  • Store secrets in environment variables or a secrets manager and load them at runtime, never in CLAUDE.md, agent prompts, or any file the agent reads into its context
  • Deploy on isolated infrastructure — a dedicated machine or VPS with its own firewall rules, not your personal laptop
  • Validate all agent outputs before they reach external systems — treat agent actions (tool calls, file paths, URLs, outbound messages) as untrusted input and reject anything outside the expected shape
  • Log every agent action with timestamps and context, to an append-only store the agent itself cannot modify, for audit trails

Avoid This

  • Grant broad filesystem and network access because "it's easier during development"
  • Hardcode API keys in configuration files, even temporarily
  • Run agent processes on the same machine you use for personal email and banking
  • Pipe agent output directly into production APIs without validation
  • Skip logging because "we'll add observability later"
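The following Python tool gateway is an added example, not code from the course or from OpenClaw. It implements the Do This list above and refuses each item on the Avoid This list in code: a deny-by-default tool allowlist, workdir containment for file reads, an https-only host allowlist for outbound requests, secrets read from the environment at runtime, a check on agent-produced payloads before they leave the process, and an audit record for every request. The tool names, the host api.example.com, the directory /srv/agent/work and the secret name UPSTREAM_API_KEY are assumptions chosen for illustration.

```python
"""Constructed example of a hardened tool gateway for a single agent.
Not OpenClaw's code and not from the course; the tool names, host,
directory and secret name below are assumptions for illustration."""
import os
import time
from urllib.parse import urlparse

# Least privilege: the only tools the agent may call, with the exact
# argument names each accepts. Anything else is denied by default.
ALLOWED_TOOLS = {"read_file": {"path"}, "http_get": {"url"}}
ALLOWED_HOSTS = {"api.example.com"}            # assumed: https only, this host only
WORKDIR = os.path.realpath("/srv/agent/work")  # assumed: the agent's filesystem scope
SECRET_NAMES = ("UPSTREAM_API_KEY",)           # assumed: read from env, never from a prompt
AUDIT_LOG = []  # in memory here; append-only file, syslog or SIEM in production


class ToolPolicyError(Exception):
    """An agent request or output violated policy."""


def audit(event, **ctx):
    """Record every agent action with a timestamp and context."""
    entry = {"ts": time.time(), "event": event, **ctx}
    AUDIT_LOG.append(entry)
    return entry


def get_secret(name):
    """Read a secret from the environment at runtime; fail closed if absent."""
    value = os.environ.get(name)
    if not value:
        raise ToolPolicyError(f"secret {name} is not configured")
    return value


def validate_call(tool, args):
    """Treat the agent's tool request as untrusted input: unknown tools,
    unexpected arguments, paths outside WORKDIR and hosts outside the
    allowlist are rejected. Returns the sanitised arguments."""
    if tool not in ALLOWED_TOOLS:
        raise ToolPolicyError(f"tool not permitted: {tool}")
    if not isinstance(args, dict) or set(args) != ALLOWED_TOOLS[tool]:
        raise ToolPolicyError(f"unexpected arguments for {tool}")
    if tool == "read_file":
        # Resolve '..' and symlinks first, then check containment.
        target = os.path.realpath(os.path.join(WORKDIR, args["path"]))
        if os.path.commonpath([WORKDIR, target]) != WORKDIR:
            raise ToolPolicyError(f"path escapes workdir: {args['path']}")
        return {"path": target}
    url = urlparse(args["url"])
    # .hostname is the real host even for https://api.example.com@evil.example.net/
    if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
        raise ToolPolicyError(f"destination not permitted: {args['url']}")
    return {"url": args["url"]}


def validate_outbound(payload, secrets=None):
    """Check an agent-produced message before it reaches an external API:
    a flat dict of strings that carries none of the secret values this
    process holds (an agent that has seen its environment will echo keys)."""
    if not isinstance(payload, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in payload.items()
    ):
        raise ToolPolicyError("outbound payload must be a flat dict of strings")
    if secrets is None:
        secrets = [os.environ.get(n, "") for n in SECRET_NAMES]
    if any(s and s in v for s in secrets for v in payload.values()):
        raise ToolPolicyError("outbound payload contains a configured secret")
    return payload


def dispatch(tool, args, executor):
    """Validate, run the real tool via executor(tool, clean_args), and
    audit each step; denied calls never reach the executor."""
    audit("tool_request", tool=tool, args=args)
    try:
        clean = validate_call(tool, args)
    except ToolPolicyError as exc:
        audit("tool_denied", tool=tool, reason=str(exc))
        return {"ok": False, "error": str(exc)}
    result = executor(tool, clean)
    audit("tool_result", tool=tool, size=len(str(result)))
    return {"ok": True, "result": result}


if __name__ == "__main__":
    os.environ.setdefault("UPSTREAM_API_KEY", "demo-key-not-real")  # stand-in for a secrets manager
    fake_tool = lambda tool, clean: f"{tool} ran with {clean}"   # stand-in for the real tools
    for call in (("read_file", {"path": "notes.txt"}),
                 ("read_file", {"path": "../../etc/passwd"}),
                 ("http_get", {"url": "https://api.example.com@evil.example.net/"}),
                 ("shell", {"cmd": "id"})):
        print(dispatch(*call, fake_tool))
    try:
        validate_outbound({"note": "key=" + get_secret("UPSTREAM_API_KEY")})
    except ToolPolicyError as exc:
        print("blocked:", exc)
    for entry in AUDIT_LOG:
        print(entry)
```

The gateway sits between the model and the real tool implementations, so a prompt-injected instruction to read `/etc/passwd`, fetch a URL on an attacker's host, or call a tool that was never granted is refused and recorded rather than executed. The application-layer host and path checks complement, and do not replace, the host firewall and the dedicated machine the list calls for.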