Since AutoGPT in 2023, I’ve been uneasy about fully unsupervised AI agents. I see the productivity upside, but “kick it off and walk away” felt risky.
Recently, the “Ralph Wiggum loop” pattern has gone viral. The idea is simple: An autonomous coding agent runs repeatedly until all PRD items are complete, with fresh context each loop and state stored outside the model in git, JSON, etc.
What bothered me was this part: what protects the system while I’m AFK?
Traditional AI-assisted dev today looks like: AI writes code → human reviews → CI scans → human fixes
What I wanted instead: AI writes code → security scans immediately → AI fixes issues → repeats until secure → escalates if stuck
So I built a prototype that embeds security scanning directly inside the agent loop. The agent runs tools like Semgrep, Grype, Checkov, etc. inside its own session, sees the findings, and iteratively fixes them before anything is committed.
The loop looks like this:
PRD → Agent → Scan → Pass? → Commit Fail → Fix → Retry (3x) → Escalate to human
A few design principles that mattered:
* Baseline delta: pre-existing issues are tracked separately. Only new findings block commits. * Sandbox constraints: no network access, no sudo, no destructive commands. * Human override: nothing is fully autonomous. You can step back in at any point.
Is this bulletproof? Definitely not. Is it production-ready? No. But it’s a starting point for applying DevSecOps thinking to autonomous agents instead of trusting “AI magic.”
Repo link: https://github.com/agairola/securing-ralph-loop
Would love feedback from folks experimenting with agent loops, secure automation, or AI-assisted development gone wrong.
Happy to iterate.