A workflow in which an agent generates and runs code against a real interface instead of issuing isolated tool calls. That increases reliability, but it also shifts governance from simple request approval to runtime containment, logging, and permission scoping.
Expanded Definition
Code mode describes an agent operating with execution authority, where it can generate scripts, invoke a runtime, and act against a live interface rather than sending isolated tool calls. In NHI and agentic AI governance, that changes the control problem from prompt approval to containment, identity scoping, and traceable execution.
Definitions vary across vendors, but the practical distinction is clear: tool mode requests a discrete action, while code mode can bundle logic, state handling, retries, and side effects into one execution path. That makes it closer to software running under delegated authority than to a single API call. The security model should therefore align with NIST Cybersecurity Framework 2.0 outcomes for access control, logging, and recovery, especially when the agent touches secrets, infrastructure, or customer data.
In practice, code mode becomes a governance boundary: the agent is not just recommending code, it is producing and running it inside a trust zone that must be explicitly bounded. The most common misapplication is treating code mode as a harmless productivity feature, which in practice means runtime permissions, output review, and egress controls are left unchanged.
Examples and Use Cases
Implementing code mode rigorously often introduces operational friction, requiring organisations to weigh faster agent execution against tighter review, sandboxing, and rollback discipline.
- An internal support agent generates a Python script to reconcile account records in a staging environment, with execution restricted to a temporary container and full command logs retained for review. This pattern is safer when paired with guidance from the Ultimate Guide to NHIs.
- A DevOps agent writes infrastructure code, applies it to a non-production cluster, and then reports the diff. The real governance task is not only code quality, but whether the agent can reach production credentials or persistent secrets.
- A security agent runs a remediation playbook that isolates a compromised service account, rotates keys, and opens a ticket. The workflow should be measured against NIST Cybersecurity Framework 2.0 functions for protect, detect, and respond.
- An analyst asks an agent to generate SQL and execute it against a read-only replica. This reduces manual effort, but only if the replica boundary is enforced and query output cannot be repurposed to reach privileged systems.
- A platform team uses code mode to automate cleanup of stale secrets and unused roles. The control challenge is making sure the agent cannot expand scope while attempting the fix.
Why It Matters in NHI Security
Code mode matters because it magnifies the impact of every privilege decision. Once an agent can execute code, a weak entitlement model can turn a simple request into broad system access, secret exposure, or unintended changes to identity infrastructure. NHI governance becomes especially important here because 30.9% of organisations store long-term credentials directly in code, according to the Ultimate Guide to NHIs.
That finding is especially relevant in code mode, where generated scripts may inherit credentials from environment variables, config files, or CI/CD pipelines. It also reinforces why the Ultimate Guide to NHIs treats lifecycle controls, visibility, and secret rotation as core governance functions rather than afterthoughts. In a code-executing agent model, logging alone is not enough unless the organisation can also prove who authorized the run, what permissions were active, and which secrets were reachable at execution time. The most common failure mode is discovering the problem only after an automated change has already touched production, at which point containing and investigating the run becomes an unavoidable operational burden.
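As an added example (not code from the page's source or from any vendor product), a minimal Python execution envelope that records the three facts this paragraph calls for: who authorized the run, the active scope, and which credential-like environment variables the generated script could actually reach. The SECRET_MARKERS naming convention, the record fields and the containment mechanism (a child process with a filtered environment and a timeout, standing in for the temporary container mentioned above) are assumptions.

```python
"""Added example: an execution envelope for an agent code-mode run that records
who authorized it, the active scope, and which credential-like variables were reachable."""
import hashlib
import os
import subprocess
import sys
import tempfile

# Assumed naming convention: variables with these fragments are treated as credentials.
SECRET_MARKERS = ("KEY", "TOKEN", "SECRET", "PASSWORD")


def looks_secret(name):
    return any(marker in name.upper() for marker in SECRET_MARKERS)


def scoped_env(parent_env, allowed_secrets):
    """Copy parent_env, dropping credential-looking variables unless
    they are explicitly allowed for this run."""
    return {n: v for n, v in parent_env.items()
            if not looks_secret(n) or n in allowed_secrets}


def run_scoped(script, authorized_by, scope, allowed_secrets=(),
               parent_env=None, timeout=30):
    """Run an agent-generated Python script in a child process with a scoped
    environment and return a structured record for the execution audit log."""
    env = scoped_env(os.environ if parent_env is None else parent_env,
                     set(allowed_secrets))
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as f:
        f.write(script)
        path = f.name
    try:
        proc = subprocess.run([sys.executable, path], env=env, text=True,
                              capture_output=True, timeout=timeout)
        rc, out, err = proc.returncode, proc.stdout, proc.stderr
    except subprocess.TimeoutExpired:
        rc, out, err = None, "", "killed: timeout"  # contained, not completed
    finally:
        os.unlink(path)  # never leave the generated script lying around
    return {
        "script_sha256": hashlib.sha256(script.encode()).hexdigest(),
        "authorized_by": authorized_by,
        "scope": scope,
        "secrets_reachable": sorted(n for n in env if looks_secret(n)),
        "return_code": rc,
        "stdout": out,
        "stderr": err[-500:],
    }
```

The returned record is what the audit log should hold: the script hash ties the entry to the exact code that ran, and `secrets_reachable` is computed from the environment the child actually received rather than from what the caller intended.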
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207) sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A2 | Code-executing agents increase prompt-to-action risk and demand runtime constraints. |
| OWASP Non-Human Identity Top 10 | NHI-02 | Code mode often exposes secrets and privileged credentials through generated runtime artifacts. |
| NIST Zero Trust (SP 800-207) | SC-3 | Zero Trust requires each code execution to be explicitly authorized and contained. |
Restrict agent execution paths, validate outputs, and sandbox code before any privileged action.