elhaz featured in EngSecLab's blog for securely sandboxing AI agents

April 27, 2026

Alex Smolen of EngSecLabs released a wonderful blog post earlier today that is absolutely worth reading.

There has been a lot of discussion lately among security professionals about how to isolate AI agents from AWS credentials. In the above-linked blog post, Alex’s solution is to cleverly mount a Docker container with the Unix socket maintained by elhaz, install elhaz and the AWS CLI inside of that container, and create an AWS profile with a credential process which ingests temporary credentials emitted by the elhaz export command. Alex’s technique places firm policy + identity guardrails around any agent sandboxed by that container, effectively treating elhaz as a credential proxy. In the post, Alex also mentions a tool named TrailTool, which he maintains, which he uses to actively monitor AWS actions by agents and institute an intent-based approach to permissioning.

It is worth noting Alex will be presenting the above research at the upcoming fwd:cloudsec conference in Bellevue, WA in about two months.

elhaz was explicitly designed with use cases exactly like Alex’s in mind, so 61418 is extremely pleased to see serious security professionals like Alex finding creative applications for elhaz. We are excited to see what other creative applications people find for elhaz.