Day 1 · Recorded 6 May 2026
Enforce, attest, decide: runtime security for background agent fleets
For background agent fleets, permissions are both the product and the risk. Stephen Parkinson demos Nono's three-layer model for agent runtime security: enforce what an agent can do, attest the files and policies that steer it, and decide how headless agents request expanded capabilities without silently stalling or overreaching.
Stephen Parkinson, Co-founder, nono · Always Further
What's in this session
Agent sandboxing is not a yes-or-no question. Useful agents need to read code, call APIs, ingest instructions, and sometimes request more capability while running in the background, which makes static permissions too blunt for real work.
In this demo-led session, Stephen Parkinson walks through Nono: kernel-enforced isolation, composable policy profiles, blocked network and secret access, detached sessions for supervising multiple agents, Sigstore-signed policies, trusted-file attestation, Merkle-tree audit logs, content-addressable rollback, and Slack-backed capability elevation.
For platform and security leaders, the operating model is clear: enforce runtime boundaries, attest the context and files agents consume, and design a reviewable decision path for capability expansion. That is the difference between trusting a headless process and running a governed agent fleet.
Inside the recording
- 00:00 Enforce, attest, decide with Nono
  Stephen introduces a kernel-enforced isolation layer for coding agents and background fleets.
- 04:00 Profiles as composable agent policy
  Nono wraps agents with lightweight profile bundles that control runtime capabilities.
- 08:00 Blocking network and secrets in a live demo
  The enforcement layer constrains what a Node project and its agent wrapper can access.
- 12:00 Session management for background agents
  Detached Nono sessions make it possible to supervise multiple sandboxed agents at once.
- 16:00 Attesting skills and trusted files
  Signed policies verify the files agents ingest before those files can steer behavior.
- 20:00 Merkle audit logs and atomic rollback
  Every sandbox action is recorded outside the agent and can be verified or undone.
- 24:00 Slack-backed capability elevation
  Headless agents can request expanded access through a review path instead of stalling silently.