Eighteen months ago, the most an AI coding tool could do was suggest the next line of code and wait for you to accept it. Today, you can hand Claude Code a feature spec, walk away, and come back to a working implementation: code written across multiple files, commands executed, errors caught and corrected… all without a human approving a single step.

There’s no doubt that a developer with a fleet of autonomous agents can get three or four times more done in a day. But every one of those agents is also making decisions, running commands, and accessing resources inside your environment on its own. If it makes a bad call, it can repeat that mistake dozens of times at machine speed, before anyone catches it.

Most engineering organizations are stuck in the middle of this right now. Developers want to use these tools (and in many cases already are, sanctioned or not), leadership wants the productivity upside, and security wants to know what these agents are actually doing. Everyone's right, with few having a satisfying answer that ties it all together.

Why local execution breaks down at scale

80% of engineering teams are still in the early stages of AI maturity with code completion and local agents running on laptops. This works for individual experimentation, but it falls apart as an organizational strategy for three reasons:

• Environment drift: Every developer's machine is set up a little differently from the next: different dependency versions, tool configurations, and OS discrepancies. Autonomous agents depend on consistent, reproducible environments to produce reliable output, but local inconsistencies create silent failures that are hard to diagnose.

• Laptops impose a runtime ceiling: The whole value of an autonomous agent is that it can work through complex tasks for hours while the developer focuses elsewhere. But laptops close, batteries die, and people go home. You can't run an agent for twelve hours on a machine that shuts down after eight.

• There's no organizational visibility: When an agent runs locally, no one but the developer knows what it's accessing, what commands it's executing, or what changes it's making (and sometimes, not even the developer knows). There's no audit trail, no policy enforcement, and no way to intervene. Multiply that by hundreds of developers running multiple agents each, and you have a governance gap that grows exponentially with every adoption.

This is the same shadow IT pattern that enterprises dealt with during the early cloud migration years, with developers adopting faster than the organization can build guardrails. But autonomous agents carry a different kind of risk than an unsanctioned EC2 instance, because they're actively making decisions inside your codebase with no human in the loop.

How cloud development environments change the equation

Cloud development environments take the configuration burden off individual developers and centralize it. A platform admin defines a template (a blueprint that specifies the exact infrastructure, tools, dependencies, and access controls a given project requires), and developers launch standardized instances of that template on demand. Every workspace is identical, properly configured, and running on infrastructure that the organization controls.

Coder has been building on this model since 2017, originally to solve the time and inconsistency cost of having every human engineer configure their own local machine. Admins build templates in Terraform that define everything a workspace needs, like tooling, dependencies, repository access, and IDE support, allowing developers to spin up isolated instances in seconds. The templates are iterated on as projects change, but the key is that every developer working from the same template gets the same environment, every time.

This core benefit has evolved into a framework for secure agentic AI because autonomous agents need the same things human developers do: access to the right repositories, the right tools, the right API endpoints, and the right permissions in an environment that's reproducible and runs somewhere the organization can monitor. Adding an AI agent to a Coder template is just another Terraform module. The admin defines it once, and every workspace launched from that template includes the agent, correctly configured, with scoped access to exactly what it needs.

That consistency holds across deployment models, whether it’s public cloud, private data center, or fully air-gapped networks with no internet access. It’s why teams at Goldman Sachs, Morgan Stanley, Vanguard, Anthropic, Netflix, and more than 150 other organizations run Coder in exactly these kinds of environments.

How Coder handles AI governance

Getting the agent into the environment is the straightforward part. The harder question is what happens once it's running autonomously: what it can access, what it can do, and whether anyone can see what it's doing. These problems of governance become organizational problems the moment more than a handful of developers are running agents.

Coder addresses this through two components:

• Agent Firewall operates at the process level, isolating each agent so it can only connect to domains and resources that have been explicitly authorized. If the agent attempts to reach anything outside that perimeter (an unauthorized external service, an unintended API endpoint), the connection is blocked. It also restricts what commands agents can execute within a workspace, preventing destructive operations before they happen.

• AI Gateway sits between the agent and every LLM API and tool it calls. Every prompt sent, every model invoked, and every tool invocation is logged, giving administrators a complete audit trail of AI activity across the organization. AI Gateway also centralizes API key management, so credentials don't need to be distributed or rotated across hundreds of individual workspaces. Finally, it handles MCP server administration centrally, letting organizations define a standard set of approved servers and tools that all agents can access, rather than leaving each team to configure their own.

Together, these address the full governance surface: not just what agents can reach, but what they're doing, how much they're spending, and whether that activity is attributable and auditable.

In practice, Agent Firewall is just a line change in the same Terraform template. An admin layers it in alongside the Claude Code agent, repository access, and authentication, each module documented in the Coder registry with configuration examples showing how they work together. AI Gateway, meanwhile, runs centrally in the Coder control plane, so administrators configure it once and it applies across all workspaces automatically. This way, every developer who launches a workspace from that template gets an identical, fully governed environment in under a minute.

Why the infrastructure investment compounds

There's a practical reason to build this even if your team is still early in agent adoption. The centralized environment infrastructure you set up for human developers is the same foundation you'll use for supervised agents, and then for autonomous agent fleets. Each stage builds on the last, so the infrastructure invested early compounds as you scale.

The bind most organizations are in right now (developers pushing to adopt agents while security teams push to slow down until governance is figured out) resolves when the infrastructure makes both things possible at once: agents that run at scale, in environments the organization controls, with visibility into what they're doing.

Cloud development environments like Coder were already built to solve that problem for human engineers. Autonomous agents just raised the stakes.

To dig deeper, watch the full webinar here.