Anthropic Launches Trusted Remote Execution (Rex): Open-Source Policy-Enforced Scripts for AI Agents

Summary

Anthropic has released Trusted Remote Execution (Rex), an open-source scripting runtime that enforces authorization policies for every system operation. Written in the lightweight Rhai language, Rex uses Cedar policy files to control what scripts can do on host systems, with no direct system access—all operations must be explicitly approved by policy. This addresses a critical safety challenge: when AI agents autonomously generate and execute scripts, traditional code review and approval workflows don't apply. With Rex, an agent-generated script that attempts operations beyond the policy receives an ACCESS_DENIED_EXCEPTION rather than causing unintended side effects, allowing the agent to observe, reason, and adjust. The runtime is available for Linux and macOS under the Apache 2.0 license, enabling organizations to give AI agents real operational access—reading logs, inspecting configurations, restarting services—while maintaining hard boundaries around what they can touch.

• Open source under Apache 2.0 license and available for Linux and macOS via Cargo

Editorial Opinion

Rex represents a thoughtful architectural approach to AI agent safety that sidesteps the traditional sandbox limitations. Rather than restricting what agents can request, it enforces what hosts will permit—a powerful inversion that gives operational teams explicit control. For organizations looking to grant AI agents practical system access while maintaining safety guarantees, this policy-based authorization model offers a compelling alternative to overly restrictive sandboxes or dangerous unrestricted execution.