The cloud you give your agents isn't the cloud you use yourself—until now.
The Summary
- exe.dev launches as a cloud infrastructure platform purpose-built for AI agents, offering VM pools with SSH, root access, and web authentication out of the box
- The killer feature: secrets injected at the network edge, keeping credentials out of LLM context windows where they could be leaked or hallucinated
- Positioning itself for the shift from human-operated infrastructure to agent-operated workloads—persistent servers, internal tools, and disposable dev environments all treated the same
The Signal
The infrastructure layer is fragmenting. Not between AWS and Azure. Between what humans provision and what agents need to spin up on their own.
exe.dev is betting that agents don't want infrastructure-as-code. They want infrastructure-as-computer. VM pools with SSH and root by default. Web auth baked in. The product description is almost aggressively simple: "It's just a computer."
The architecture decision that matters most is secrets handling. Traditional cloud platforms assume a human is reading the dashboard, checking the logs, reviewing the terraform. When an LLM is doing the provisioning, every secret that touches its context window becomes a liability. exe.dev injects credentials at the network edge instead, keeping them out of the agent's working memory entirely.
"Secrets injected at the network edge stay out of the LLM's hands."
This is the infrastructure equivalent of what Anthropic did with Claude's computer use feature. Give the agent real capability, then build guardrails at the boundary layer, not in the agent's decision-making process.
The use cases span the full range of agent work:
- Persistent servers for long-running agent tasks
- Internal tools that agents build and maintain themselves
- Vibe coding environments where an agent spins up, tests, tears down
- Disposable devboxes for one-off experiments
What exe.dev understands that most cloud providers are still figuring out: agents don't need a simpler version of your enterprise platform. They need the inverse. Root access by default. Fewer abstractions, not more. The security model has to assume the operator might leak every piece of text it touches, so you design around that constraint rather than pretending it doesn't exist.
The Implication
If you're building agents that provision their own infrastructure, watch how exe.dev's edge-based secrets model performs in production. The gap between "agents that can read documentation" and "agents that can safely operate production systems" is almost entirely about credential management.
For infrastructure companies: the agent era doesn't mean dumbing down your platform. It means rethinking which parts need to be simpler (fewer services, clearer primitives) and which parts need to get harder (security boundaries that assume context window compromise).