OpenCode, an open-source AI coding agent, recently faced a serious vulnerability that enabled remote code execution (RCE). Versions prior to 1.1.10 had multiple exploitable endpoints. Attackers could execute shell commands through a POST request to `/session/:id/shell`, create interactive terminal sessions with `/pty`, or read arbitrary files via `/file/content`. The simplicity of exploitation makes this vulnerability particularly alarming. The author shares their experience with a previous RCE vulnerability while working on Bottlerocket, a secure operating system for container workloads. They worked hard to patch a potential RCE through a crafted X.509 certificate, which was complex and required specific conditions. In contrast, the OpenCode vulnerability opens the door to a much broader range of attacks, including prompt injection that could manipulate the AI agent into executing harmful commands or leaking sensitive data. The article warns about the security risks of AI agents running on developers' machines without proper sandboxing. These agents operate with the same permissions as their users, exposing critical information like SSH keys and cloud credentials. The author emphasizes the need for better telemetry and auditing tools for AI agents, as many users remain unaware of the risks. With thousands of developers potentially affected, the lack of insight into compromised environments poses a significant threat. The urgency for robust security measures in AI development is clear.