
Summaries like this, in your inbox every morning.
Sign up free →AWS announced Trusted Remote Execution (Rex), an open source scripting runtime where scripts written in Rhai—a lightweight language with no built-in system access—can only reach the host through operations that Rex explicitly provides and that are authorized against a Cedar policy (a rules language) upon invocation.
Rex pairs every script with a Cedar policy that controls what code is allowed to do at runtime. When a script attempts an operation, the Rhai engine has no direct host access; instead, every operation is checked against the policy before it runs, and if the policy does not permit the action, the script receives an error and the operation never executes.
This model is designed to give AI agents real operational access—reading logs, inspecting configurations, restarting services—while keeping a hard boundary around what they can touch. If an agent generates a script that exceeds the policy (from hallucination, prompt injection, or misinterpretation), it receives an ACCESS_DENIED_EXCEPTION rather than causing unintended side effects.
Rex runs on Linux and macOS, is open source under the Apache 2.0 License, and can be installed via Cargo; full setup guide and interactive playground are available on the project's Getting Started page.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion




Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack