---
title: GitHub Secures AI Agents in Modern CI/CD Systems
date: 2026-05-08
tags: [#news, #devops ]
draft: false
---

GitHub has implemented a defense-in-depth architecture for securing agentic workflows, built around isolation and constrained execution environments. Because an AI agent is non-deterministic and can be steered by untrusted input, the design assumes the agent may misbehave and limits what it can affect: each agent runs in a sandboxed, ephemeral container whose write access is restricted to controlled outputs such as pull requests, so its changes arrive as reviewable proposals rather than as direct, unauthorized modifications to the repository. To contain the impact of prompt injection, sensitive credentials are routed through trusted proxies rather than exposed to the agent directly, and all agent activity is logged comprehensively for full auditability.