When your AI agent pushes code to GitHub, whose name is on the commit? When it sends an email, whose inbox does the reply go to? If the answer is "yours" — you're doing it wrong.
The Identity Problem
Most people set up their AI agent using their own accounts. Their GitHub, their email, their API keys. It's the path of least resistance — everything just works because the credentials are already there.
But here's what happens: your agent makes a git commit, and your name is on it. Someone replies to an email your agent sent, and it lands in your personal inbox. A third-party service rate-limits your API key because the agent was too aggressive, and now you're locked out.
The agent isn't you. It shouldn't pretend to be.
Give It Its Own Everything
I set up my agent with dedicated accounts across the board:
- Email — A separate Gmail account. The agent receives notifications here, sends messages from here, and its password resets go here. Clean separation.
- GitHub — Its own GitHub account. When it opens PRs or pushes commits, the authorship is clear. Code review is easier because you can immediately tell what the agent wrote vs what you wrote.
- OS user — A dedicated Linux user on the server. The agent's file access is confined to its home directory. It can't read your SSH keys, your browser history, or your personal files.
- API keys — Separate keys for every service. If a key gets compromised or rate-limited, only the agent is affected.
Why This Matters for Security
Identity separation isn't just organizational hygiene — it's a security boundary. If the agent's account is compromised (through prompt injection, misconfiguration, or a bug), the blast radius is limited to the agent's permissions. Your personal accounts stay untouched.
The OS user is particularly important. A dedicated user means you can use standard Linux permissions to control what the agent can access. No sudo. No access to system directories. No ability to read other users' files. The security boundary is enforced by the kernel, not by the AI's good behavior.
Why This Matters for Accountability
When everything the agent does is attributed to its own identity, you get a clear audit trail. Git blame shows which commits are human and which are agent-generated. Email threads clearly show when the agent responded vs when you did. API logs separate your usage from the agent's usage.
This matters for teams. If you're collaborating with other people, they should know when they're interacting with your agent vs interacting with you. Transparency builds trust.
The Setup Cost Is Minimal
Creating a new email takes two minutes. A new GitHub account takes five. A new Linux user takes one command. API keys are usually free to generate. The total investment is maybe 30 minutes — and it saves you from a tangled mess of shared identity down the road.
Think of it this way: you wouldn't give a new employee your personal login credentials. Your AI agent deserves the same treatment. It's a separate entity doing separate work — let it have its own identity.
Your agent isn't an extension of you. It's a collaborator. Give it its own seat at the table.