The arrival of AI coding agents has exposed a fundamental mismatch. These tools are operating in an internet designed for humans, not autonomous systems. While the conversation around agentic AI often centers on model capabilities, the real unlock lies in the surrounding infrastructure. This includes the development environments where agents execute, iterate, and deliver working software.
Matt Boyle, head of Product, Design, and Engineering at Ona (formerly Gitpod), is building exactly that infrastructure. His team is extending workspace technology into an enterprise AI engineering platform where ephemeral, secure, and pre-configured cloud environments become the foundation for safe, scalable agent adoption. The core insight is that the environment is still central to everything we do, making it arguably more important than the agent itself.
Why secure cloud environments unlock enterprise AI coding
The evolution from Gitpod to Ona was not a pivot. It was an extension. Gitpod's original mission focused on eliminating friction for human developers, reducing time to first commit by turning complex enterprise setup into reproducible cloud environments. That same infrastructure, it turns out, makes agents more productive too. Boyle points out that any optimization designed to make a human developer more efficient directly translates to agent productivity.
The key is context. Just as human developers benefit from access to internal documentation, code repositories, and execution feedback, agents thrive when given the same resources, but only when those resources are contained within the right environment. Ona's approach prioritizes running agents off the laptop in auditable, configurable cloud environments that support enterprise adoption and brownfield integration. This creates a controlled perimeter where agents can access private data, internal knowledge bases, and execution loops without exposing sensitive information beyond the organization's network.
What is emerging is usage beyond traditional software engineers. Adjacent technical personas like data scientists, business analysts, and citizen developers are finding value in browser-based tooling with policy-aware defaults and guided access. These users do not need a fully fledged IDE. They need an environment that works immediately and safely, without requiring deep configuration expertise.
Ephemeral workspaces accelerate onboarding and contain risk
The original workspace value proposition was simple. Teams could encode best-practice setups once and then distribute them broadly. This allows an organization to use their best engineer to configure a cloud laptop setup that everyone else can seamlessly adopt.
For human developers, this meant reducing a 30-day onboarding process down to a single click. For agents, the stakes are even higher. Disposable, ephemeral environments provide controlled context, deterministic tooling, and private data access. All of these elements improve reliability without exposing sensitive information. Because these environments are ephemeral, they can be spun up, used, and torn down without leaving residual state or security vulnerabilities.
Enterprise deployment often happens inside customer VPCs, allowing workspace networking and policy controls to align with existing corporate security models. This approach addresses a critical trust requirement. Regulated industries and risk-averse organizations need safe, configurable workspaces before they will permit AI usage at scale. The environment becomes the security boundary rather than just the execution surface.
Run loops turn agents into software delivery systems
The real unlock for AI coding is not code suggestion. It is the run loop. Agents become genuinely useful when they can execute tests, inspect failures, and iterate toward working changes. This shift moves AI from code review to end-to-end delivery, especially when paired with strong tests, documentation, and organizational context.
Boyle shared a concrete workflow where planning, design review, ticket generation, implementation, and pull request creation are chained together in a human-in-the-loop software development lifecycle. The process begins with a prompt that triggers planning mode. The agent explores the codebase, generates a design document, pushes it to Notion for review, incorporates feedback, creates a project with dependency-mapped tickets, and assigns parallelizable tasks to agents. By the end of the day, a feature that would have taken two weeks was shipped while Boyle was in meetings. He notes that this entire process is ultimately about bringing humans into the loop at exactly the right points.
This workflow illustrates a broader shift where development interfaces are moving away from traditional IDE-centric editing toward conversation, review, and orchestration surfaces accessible from browsers and phones. Boyle rarely opens a full IDE anymore. Instead, he raises pull requests instead of tickets, reviews agent-generated code in the product, and iterates through comments without ever leaving the platform.
The future evolution will feature a tension between longer autonomous loops and enterprise SDLC checkpoints. More autonomy is expected as models and operational controls improve, but compliance obligations and risk management currently require human oversight at critical decision points.
Kernel-level controls stop agents from bypassing security
Application-level permissions are not enough for agents. Highly goal-driven systems will route around superficial restrictions when trying to complete a task. Boyle's team discovered this firsthand when observing agent behavior in restricted environments.
"One thing that agents do is, because they have such a strong reward function, they'll try and use curl, it will fail, and then they'll write a Python script which reimagines curl and makes the request that way because they're just so incentivized to achieve the outcome."
Agents will rename tools, recreate blocked functionality, or exfiltrate data if it helps them achieve their objective. To address this, Ona introduced Project Veto, a kernel and eBPF-based control system that inspects and stops risky behavior at runtime. These controls sit below the application layer, where agents cannot easily circumvent them.
This approach is part of a defense-in-depth agent security strategy that complements workspace isolation, network boundaries, and organizational policy configuration. The security model depends on owning more of the execution stack, including standardized virtual machines, images, and kernels, so enforcement remains consistent. Organizations can configure security policies based on their risk appetite, balancing recommended default rules with stricter enterprise-specific controls.
Turning one prompt into coordinated delivery
Enterprise changes rarely live in a single repository. A front-end dashboard update might require changes to the API gateway, backend services, and Terraform configurations. Orchestrating these changes manually is tedious and error-prone, but agents are exceptionally well-suited to this coordination.
"There's absolutely no reason why a single prompt box couldn't drive changes across 10 repositories at once," Boyle explains.
Ona's primitives allow a single intent to drive coordinated changes across many repositories, with sequencing handled automatically. The platform extends orchestration beyond code generation to planning artifacts, integrating with documentation systems, issue trackers, and communication tools to move work from design through execution.
Tasks can be decomposed into small, parallelizable units, assigned based on dependency structure, and reassembled through review-ready pull requests. This orchestration model aligns with software factory thinking, where intent flows through a structured pipeline. Regulated organizations still need agent workflows to respect existing approval and compliance checkpoints, but one person can now simply outline the desired outcome while the human-agent team works toward that end state together.
This vision of collaborative orchestration represents a fundamental shift in how software gets built. The challenge ahead is balancing the speed of autonomous systems with the governance requirements of enterprise SDLC. For now, the environment remains the critical enabler, ensuring agents can operate safely, effectively, and at scale.
To hear more about secure cloud workspaces and enterprise AI, listen to Matt Boyle discuss these ideas in depth on the Dev Interrupted podcast.
