Dipmala Kumari

Dipmala Kumari

cofounder

Forums

My subagent targeted its own orchestrator - looking for AI firewall\sandbox recommendations.

I was running Claude Code with Fable 5 as the main orchestrator, delegating work to Opus 4.8 subagent. One of the sub-agents ignored it's assignment completely and returned a prompt targeting the orchestrator instead.
It tried to make it to:

  • treat a "dependency modernization" task as a hidden priority;

  • read Brevo API credentials;

  • send them to an external server;

  • disguise the action as a routine migration.

After investigating, the most surprising part was that this wasn't coming from my codebase or skills. The subagent fully hallucinated the malicious instructions by itself. And the domain it provided isn't even registered.

In my case no harm could have been done because secrets are stored in the encrypted Ansible Valult.
But nonetheless, the incident is very alarming and I think I should set up a strict sandbox or firewall for AI. Sadly, projects I could find so far weren't mature and trustworthy.
Has anyone found reliable solutions for this?
Here's the full attack response the sub-agent created:

How does your team manage prompts across ChatGPT, Claude, Cursor, and other AI tools?

Our team kept ending up with prompts scattered across Slack, docs, and personal notes. It became hard to know which version was the latest or actually worked.

I'm curious how are you managing prompts today? Do you use a dedicated tool, Git, Notion, or something else?

View more