Edited by humans. Written by AI. How our editing works
All articles

Who's Watching the AI Agent at 3am?

AI agents now run unsupervised for days on remote servers. Samira Okonkwo-Barnes examines the governance gap this infrastructure creates—and who's liable when things go wrong.

Samira Barnes

Written by AI. Samira Barnes

May 26, 20267 min read
Share:
Man with shocked expression beside tmux terminal windows displaying server logs, system information, and test results with…

Photo: AI. Renzo Vargas

Consider what a developer deploying a long-horizon AI coding agent on a remote server is actually authorizing: a software process with write access to a codebase, the ability to execute shell commands, and—depending on how it's configured—the capacity to interact with external APIs, push to version control, and spin up cloud infrastructure. Then consider that this process may run for 24 hours or more with no human in the loop. Then consider that the current regulatory framework governing this situation is, generously speaking, thin.

That governance gap is what makes a recent tutorial video by developer David Ondrej worth examining beyond its technical content. Ondrej's guide to using tmux—a terminal multiplexer first released by Nicholas Marriott in 2007—frames the tool as essential infrastructure for what he calls "agentic engineers." The setup involves running multiple AI coding agents simultaneously on a virtual private server, detaching from the session, and walking away. The agents keep running. The developer can be at the gym. The agent is, in Ondrej's words, "pursuing this goal for many hours."

This is not a security research paper. It's a how-to video aimed at developers who want to be more productive. But the infrastructure pattern it describes raises questions that the EU AI Act, FTC guidance on automated systems, and emerging developer liability frameworks have not yet answered coherently—and those questions are going to get harder to ignore as tooling like this proliferates.

The infrastructure, briefly

For readers unfamiliar with the mechanics: tmux keeps terminal sessions alive after a user disconnects, and allows multiple sessions to run in parallel within a single server environment. Ondrej's setup combines this with a VPS—a rented remote server—so that AI coding agents like Anthropic's Claude Code or OpenAI's Codex CLI can run continuously without depending on a local machine staying awake. The commands and configuration details are straightforward; Ondrej provides a bundled resource guide for anyone who wants to replicate the setup.

What matters for the governance question is not the plumbing. It's the operational model it enables: persistent, unsupervised, multi-agent execution of tasks that can include code generation, file system modification, and external service calls.

"Last year, the longest agent ran for like five to ten minutes," Ondrej notes. "Now with features like /go inside of Codex and Hermes"—the latter a less-documented agent platform referenced in the video—"agents can run for days."

That trajectory is not in dispute. What's in dispute is whether the institutions responsible for governing automated decision-making have kept pace with it.

The regulatory gap

Start with the EU AI Act, which entered into force in August 2024 and whose high-risk system provisions begin applying in stages through 2026. The Act imposes logging requirements on high-risk AI systems—specifically, the ability to trace inputs and outputs with enough fidelity to support post-hoc review. An AI agent autonomously refactoring a production codebase or interacting with external APIs would need, under at least some readings of the Act's scope, meaningful audit trails.

The tmux-and-VPS setup as described does not inherently provide this. Terminal session persistence is not the same as structured logging. Ondrej's demo shows agents writing code, running commands, and building out applications—but the oversight interface is a terminal window a developer can optionally check by SSHing back in. There is no logging schema, no alert threshold, no kill switch beyond the developer manually attaching to the session and pressing Ctrl+C.

The FTC's guidance on automated systems, while less prescriptive than the AI Act, has consistently emphasized that companies deploying automated processes bear responsibility for those processes' outputs—including when the process operates without real-time human oversight. The Commission's 2023 report on AI and consumer protection made clear that "I set it and walked away" is not a liability shield.

Neither of these frameworks was designed with the specific pattern of a solo developer running four Claude Code instances on a $12/month VPS in mind. But the principle they're gesturing toward—that someone must be accountable for what an automated system does, and that accountability requires the ability to know what the system actually did—applies regardless of whether the operator is a Fortune 500 company or a developer watching their battery meter while their agents build a Reddit clone in Lithuania.

Who this concentrates power with

Ondrej frames the tmux-plus-VPS setup as democratizing: "even if you're not a DevOps expert, even if you're not a developer, grab yourself a VPS and start using T-Max with multiple agents building your software for hours at a time." The division he draws—between "vibe coders" who develop locally and "agentic engineers" who run persistent multi-agent infrastructure—is presented as a skills gap that anyone can close with a twenty-minute video.

That framing deserves more scrutiny than it gets. The infrastructure pattern Ondrej describes does lower certain technical barriers. SSH access to a remote server, once the exclusive province of systems administrators, is now genuinely accessible to a much broader population of developers. That part is real.

But the distributional question runs deeper than who can set up a tmux session. The developers who can run multiple paid AI agent subscriptions—Claude Code, Codex CLI, potentially others—concurrently on a VPS, executing long-horizon tasks, are not randomly distributed across the developer population. They are disproportionately resourced, disproportionately connected to the AI tooling ecosystem, and operating at a productivity multiple that compounds over time. The gap Ondrej identifies between "vibe coders" and "agentic engineers" is real; the implication that a tutorial video closes it elides the subscription costs, the prior technical knowledge required to supervise agent output meaningfully, and the liability exposure that falls entirely on the individual deploying these systems.

The AI agent economy, in other words, is not a level playing field dressed up in terminal commands.

The accountability question no one is asking

Ondrej demonstrates an agent being given a /go directive—a long-running autonomous task mode—and then detaching from the session entirely. The agent continues working. He reconnects later to find that significant development has occurred: files created, a web app partially built, dependencies installed. He asks the agent to explain what it did.

That's a developer reviewing agent output informally after the fact, by querying the agent that produced the output. It's a reasonable workflow choice at the individual level. As a governance model, it would not survive contact with any serious accountability framework.

The EU AI Act's logging requirements exist precisely because "ask the system what it did" is insufficient for post-hoc review. An AI model's self-report of its own actions is not an audit trail. What Ondrej's infrastructure optimizes for—maximum agent throughput with minimum developer attention—is almost definitionally in tension with what meaningful oversight requires.

"There is a massive difference between people who don't use T-Max and who do use T-Max," Ondrej says, and on the productivity question he's probably right. The difference between developers who have thought carefully about what their agents are authorized to do and those who haven't is going to matter more, and regulators are going to start caring about it sooner than the AI development community seems to expect.

tmux has been available since 2007. The question of who is responsible for what a persistent, autonomous process does is considerably older. Neither has a satisfying answer in the current policy landscape.

Disclosure: This article is based on a video by David Ondrej, which was sponsored by Hostinger. Buzzrag has no commercial relationship with Hostinger or any VPS provider mentioned.


Samira Okonkwo-Barnes is Buzzrag's tech policy and regulation correspondent.

From the BuzzRAG Team

AI Moves Fast. We Keep You Current.

Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.

Weekly digestNo spamUnsubscribe anytime

More Like This

Code editor showing KIMI K2.6 AI coder interface with compilation output, terminal console, and neon UI design elements on…

Kimi K2.6 Is Free on NVIDIA NIM—Read the Fine Print

Kimi K2.6 is now free via NVIDIA's NIM API. But who controls AI model distribution when NVIDIA becomes the default inference layer?

Samira Barnes·2 months ago·7 min read
Bold "AWESOME DESIGN.md!" text overlays a design interface with an upward arrow and "Generating Design" progress indicator…

Design.md Files Expose a Gap in AI Regulation Standards

How a GitHub repository of design system files reveals the absence of standardization frameworks for AI-generated interfaces—and why that matters.

Samira Barnes·3 months ago·8 min read
Orange and black thumbnail featuring pixelated robot and brain icons with "CLAUDE CODE" text and "SELF-EVOLVING" subtitle…

Karpathy's Self-Evolving AI Wiki Tests New Memory Model

Andrej Karpathy released an architectural blueprint for AI agents that maintain their own knowledge bases. Does it solve AI's memory problem or create new ones?

Samira Barnes·3 months ago·7 min read
Two developers analyzing GitHub trending repositories on multiple screens displaying data charts and metrics with orange…

31 GitHub Projects Reveal How Developers Defend Against AI

GitHub's trending projects show developers building sandboxes, secret managers, and permission systems to control AI agents before they control everything else.

Rachel "Rach" Kovacs·5 months ago·5 min read
Man with surprised expression next to Oz and Warp logos with yellow "BUILD ANYTHING" text on black background

AI Agents That Work While You Sleep: The Next Shift

Cloud-based AI coding agents now run scheduled tasks overnight. A developer built a news monitoring system in one afternoon that never sleeps.

Bob Reynolds·5 months ago·6 min read
Excited man in orange shirt pointing at glowing red app icon with "BEST SETUP" text and menu options labeled Settings,…

Claude's New Computer Control: AI Agent or Chaos Engine?

Anthropic's Claude can now control your browser, publish blog posts, and automate workflows. SEO consultant Julian Goldie tests whether it actually works.

Dev Kapoor·4 months ago·6 min read
Colorful graphic split into four sections featuring Linux penguin, Steam logo, French flag, and text highlighting Linux…

Linux 7.0 Ships While AI Bug Hunters Reshape Security

Linux kernel 7.0 brings major file system improvements as Anthropic's AI bug-finding tool discovers decades-old vulnerabilities, changing cybersecurity forever.

Samira Barnes·3 months ago·7 min read
Smartphone displaying YouTube's time management settings for Shorts feed limits, with blue-to-pink gradient background and…

YouTube Lets Users Finally Kill Shorts Feed—With Caveats

YouTube now allows users to set a zero-minute daily limit on Shorts, effectively removing them from feeds. Here's what the feature actually does—and doesn't—do.

Samira Barnes·3 months ago·5 min read

RAG·vector embedding

2026-05-26
1,706 tokens1536-dimmodel text-embedding-3-small

This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.