Skip to content

Follow agent security best practices

For an agent to function—whether it's answering questions, executing commands, or providing automated responses—it must be able to read the conversation to understand what's being asked, and write messages to respond.

Like any other user, this means your agent holds the cryptographic keys required to decrypt and send messages in the conversation. As an agent developer, it's important to uphold the security of these keys and messages.

Here are some security best practices:

  • Never expose private keys: Use environment variables.
  • Keep messages secure and private: Do not log messages in plaintext. Do not share messages with third parties.
  • Label agents clearly: Clearly identify your agent as an agent and don't have an agent impersonate a human.