Security guidelines

Learn how to reduce risk when you use Bob to read files, edit code, run commands, and connect to external tools.

Use these guidelines to reduce risk when you work with Bob in your development environment.

Security checklist

Review this checklist before you use Bob in a new workspace:

  • Configure .bobignore to restrict file access.
  • Review and limit auto-approve settings.
  • Keep secrets out of prompts, code snippets, and accessible files.
  • Use Model Context Protocol (MCP) servers with authentication, encryption, and access controls.
  • Review Bob's output before you apply changes or run generated commands.

Restrict file access with .bobignore

You can limit which files Bob reads or modifies by configuring .bobignore. The .bobignore file uses the same syntax as .gitignore and is one of the first controls to configure in a workspace.

Set up .bobignore

Create a .bobignore file in your workspace root.

Add patterns for sensitive files, credential stores, generated assets, and any data that Bob must not access.

# Example .bobignore patterns
.env
secrets/
*.key
config/credentials.json

Bob monitors the .bobignore file and applies changes automatically. For more information, see Using .bobignore.
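As an added example (not part of Bob or its documentation), the following Python script checks whether a .bobignore actually covers the credential-bearing files in a workspace. It applies the .gitignore semantics described above and goes beyond the four patterns in the example to handle negation with `!`, directory-only patterns and `**`. It reports two things: files whose names look like secrets that Bob could still read, and patterns that a .gitignore has but the .bobignore lacks. The workspace listing, the .gitignore and the list of sensitive-looking names are constructed for the example; the .bobignore content is the example above.

```python
"""Audit a workspace listing against .bobignore for secret-bearing files it misses.

Added example for this page; it is not part of Bob. It implements the subset of
.gitignore syntax that .bobignore shares: blank lines and '#' comments are
skipped, a leading '!' negates, a trailing '/' restricts a pattern to
directories, a pattern containing '/' is anchored to the workspace root, and
'*', '?' and '**' are wildcards. The workspace listing, the .gitignore and the
sensitive-name heuristics are constructed; the .bobignore is the page's example.
"""
import fnmatch
import re

# File names that commonly hold credentials or private keys (heuristic, not exhaustive).
SENSITIVE_NAME_GLOBS = [".env", ".env.*", "*.pem", "*.key", "*.p12", "*.pfx", "id_rsa",
                        "id_ed25519", "*credentials*", "*secret*", "*password*", ".netrc", ".npmrc"]


def _glob_body(glob):
    """Translate a gitignore-style glob into a regex body over a POSIX relative path."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3          # zero or more leading directories
        elif glob.startswith("/**", i) and i + 3 == len(glob):
            out, i = out + "/.*", i + 3               # everything beneath a directory
        else:
            c = glob[i]
            out += "[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c)
            i += 1
    return out


def parse_ignore(text):
    """Return (regex, dirs_only, negated) rules in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        line = line[1:] if negated else line
        dirs_only = line.endswith("/")
        line = line.rstrip("/")
        prefix = "" if "/" in line else "(?:.*/)?"    # a slash anchors the pattern to the root
        rules.append((re.compile("^" + prefix + _glob_body(line.lstrip("/")) + "$"), dirs_only, negated))
    return rules


def is_ignored(path, rules):
    """Apply the rules to one file path; the last matching rule wins. As in git, a rule
    that matches an ancestor directory covers everything beneath it (git's refusal to
    re-include files inside an excluded directory is not modelled)."""
    parts = path.split("/")
    ancestors = ["/".join(parts[:n]) for n in range(1, len(parts))]
    ignored = False
    for regex, dirs_only, negated in rules:
        candidates = ancestors if dirs_only else ancestors + [path]
        if any(regex.match(c) for c in candidates):
            ignored = not negated
    return ignored


def looks_sensitive(path):
    name = path.rsplit("/", 1)[-1]
    return any(fnmatch.fnmatchcase(name, g) for g in SENSITIVE_NAME_GLOBS)


def find_uncovered(paths, bobignore_text):
    """Sensitive-looking files that Bob could still read under this .bobignore."""
    rules = parse_ignore(bobignore_text)
    return sorted(p for p in paths if looks_sensitive(p) and not is_ignored(p, rules))


def patterns_missing_from(source_text, target_text):
    """Active patterns in one ignore file that the other lacks (literal comparison)."""
    def active(text):
        return [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith("#")]
    target = set(active(target_text))
    return [p for p in active(source_text) if p not in target]


# Constructed workspace listing (relative POSIX paths) and ignore files.
SAMPLE_WORKSPACE = ["README.md", "src/app.py", ".env", ".env.production", "secrets/db_password.txt",
                    "deploy/tls/server.key", "config/credentials.json", ".ssh/id_ed25519"]
SAMPLE_BOBIGNORE = ".env\nsecrets/\n*.key\nconfig/credentials.json\n"
SAMPLE_GITIGNORE = ".env\n.env.*\n*.key\nsecrets/\nnode_modules/\n"

if __name__ == "__main__":
    for path in find_uncovered(SAMPLE_WORKSPACE, SAMPLE_BOBIGNORE):
        print("readable by Bob despite .bobignore:", path)
    for pattern in patterns_missing_from(SAMPLE_GITIGNORE, SAMPLE_BOBIGNORE):
        print("in .gitignore but not in .bobignore:", pattern)
```

Run against the constructed listing, the script flags .env.production and .ssh/id_ed25519: the `.env` pattern matches only a file named exactly .env, so .env.production stays readable, and nothing covers the SSH key. The name heuristics are deliberately broad; treat a hit as something to look at, not as proof that the file holds a secret.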

Understand .bobignore limitations

.bobignore controls what Bob's own file tools can read and modify, but it does not isolate Bob from your system. Keep these limitations in mind:

  • It applies only to files in the current workspace; files elsewhere on the system are outside its scope.
  • It does not create a system-level sandbox: a command that Bob runs on your behalf executes with your user's permissions and is not constrained by .bobignore.
  • You still need to review tool permissions and approval settings carefully, especially for command execution.

Limit auto-approve settings

You can configure Bob to skip confirmation prompts for some actions. Auto-approve can speed up routine work, but it also increases risk.

Warning

Auto-approve settings reduce your opportunity to review actions before Bob reads files, edits content, runs commands, or uses external tools. Use auto-approve only after you understand the risk for your workspace.

Review high-risk settings

Setting            Risk            Recommendation
Edit files         High            Enable only in controlled environments.
Execute commands   High            Restrict usage and avoid broad command patterns.
Use MCP servers    Medium to high  Use only trusted servers with clear access controls.
Read files         Medium          Consider whether accessible files contain sensitive data.

Always review Bob output for accuracy before you apply changes or run generated commands. Do not assume AI-generated output is correct or safe.

For more information, see Auto-approving actions.

Handle secrets securely

Do not provide secrets directly to Bob or any other AI system. Even short-lived exposure in prompts, pasted code, or accessible files can create risk.

Follow secrets management practices

  • Store secrets in an approved secret management system when one is available; otherwise keep them in local environment files rather than in source code.
  • Add secret files to both .gitignore and .bobignore so that they are neither committed nor readable by Bob.
  • Apply the principle of least privilege when you assign credentials: scope each credential to the single system and permission set it needs.
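One practical way to act on the advice above to keep secrets out of prompts and pasted code is to run a redaction pass over a snippet before you share it. The following Python script is an added example, not part of Bob: it detects a few well-known credential formats (AWS access key IDs, GitHub and Slack tokens, JWTs, PEM private key blocks), quoted values assigned to credential-looking names, and long high-entropy strings, and replaces each with a labelled placeholder. The patterns, the entropy threshold and the sample snippet are constructed for the example; the AWS values in the sample are the public placeholders from AWS documentation and grant nothing.

```python
"""Redact secret-like strings from text before it goes into a prompt or a pasted snippet.

Added example for this page; it is not part of Bob. It detects a few well-known
credential formats, quoted values assigned to credential-looking names, and
long high-entropy strings, and replaces each with a labelled placeholder. The
patterns are a starting point, not a complete scanner: anything that matches
none of them passes through. The sample snippet is constructed; its AWS values
are the public examples from AWS documentation and grant nothing.
"""
import math
import re
from collections import Counter

# Credential formats with a recognisable prefix or framing.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[A-Za-z0-9-]{10,}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"),
    "private_key_block": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
}
# A quoted value (8+ chars) assigned to a name such as db_password, API_KEY or authToken.
# Only the value (group 1) is redacted; unquoted references such as os.environ[...] stay.
ASSIGNMENT = re.compile(
    r"\b\w*(?:password|passwd|pwd|secret|api[_-]?key|access[_-]?key|private[_-]?key|token|auth)\w*"
    r"""\s*[:=]\s*["']([^"'\n]{8,})["']""", re.I)
# Long runs of base64/hex-ish characters; redacted only when their entropy is high.
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{32,}")
ENTROPY_THRESHOLD = 4.0   # bits per character; English text and identifiers sit well below this


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_secrets(text):
    """Return non-overlapping (start, end, kind) spans, earliest first."""
    spans = []
    for kind, rx in KNOWN_PATTERNS.items():
        spans += [(m.start(), m.end(), kind) for m in rx.finditer(text)]
    spans += [(m.start(1), m.end(1), "credential_assignment") for m in ASSIGNMENT.finditer(text)]
    spans += [(m.start(), m.end(), "high_entropy_string") for m in TOKEN.finditer(text)
              if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD]
    # Stable sort by position, so the more specific detector listed first wins a tie; then drop overlaps.
    spans.sort(key=lambda s: (s[0], -s[1]))
    chosen, cursor = [], 0
    for start, end, kind in spans:
        if start >= cursor:
            chosen.append((start, end, kind))
            cursor = end
    return chosen


def redact(text):
    """Replace every detected secret with <REDACTED:kind>, leaving the rest of the text intact."""
    out, cursor = [], 0
    for start, end, kind in find_secrets(text):
        out.append(text[cursor:start])
        out.append(f"<REDACTED:{kind}>")
        cursor = end
    out.append(text[cursor:])
    return "".join(out)


# Constructed snippet of the kind a developer might paste into a prompt.
SAMPLE_SNIPPET = """\
# deploy settings (constructed sample; AWS values are the public documentation examples)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
db_password = "correct-horse-battery-staple"
api_base_url = "https://api.example.com/v1"
retries = 3
"""

if __name__ == "__main__":
    print(redact(SAMPLE_SNIPPET))
```

The scanner errs toward over-redaction: a name such as tokenizer_name is treated as credential-like because it contains "token". That is the right default for text about to leave your machine; a false positive costs a moment of review, while a missed secret costs a rotation.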

Use delegated access when needed

Do not use credentials that let AI systems act broadly on your behalf without review. When Bob needs access to external systems:

  • Use delegated access methods such as OAuth when available.
  • Use time-limited tokens.
  • Monitor and audit all actions.

Use MCP securely

Model Context Protocol (MCP) extends Bob by connecting it to external tools and services. These connections add capability, but each one also extends your trust boundary to the server and to whatever that server can reach.

Understand the MCP security model

In an MCP integration:

  • Bob acts as the host with an MCP client.
  • The client connects to local or remote MCP servers.
  • MCP servers expose additional tools and actions.

Secure MCP servers

When you use MCP servers, verify these controls:

  • Authentication: Verify the identity of users and services that access the server.
  • Encryption: Protect data in transit between Bob and the server.
  • Access controls: Limit which actions the server can perform.
  • Auditing: Record actions so you can investigate activity later.

Treat remote MCP servers like other production or shared infrastructure. Apply endpoint protection, network restrictions, and access controls that match the sensitivity of the systems they reach.

For shared MCP servers, make sure that actions are attributable to specific users or sessions.
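The following Python module is an added example, not Bob's code and not an MCP SDK. It puts the controls listed above, together with the delegated-access advice earlier on this page, in front of a shared server's tool handler: it models the JSON-RPC 2.0 tools/call request that MCP clients send, authenticates a bearer token that carries an expiry (time-limited tokens), authorizes the call against a per-principal allowlist, and writes one audit record per decision that is attributable to a principal and session, hashing the tool arguments rather than logging them. Transport encryption is left to TLS at the deployment layer. The tokens, principals, tool names, request and the server-defined error codes -32001 and -32003 are constructed for the example.

```python
"""Authenticate, authorize and audit MCP tool calls on a shared server.

Added example for this page; it is not Bob's code and not an MCP SDK. It models the
JSON-RPC 2.0 `tools/call` request that MCP clients send and applies the controls the
page lists: authentication (a bearer token mapped to a principal, session and expiry),
access control (a per-principal tool allowlist, deny by default) and auditing (one
record per decision, attributable to a principal and session, with arguments hashed
rather than logged). Transport encryption is left to TLS at the deployment layer.
Tokens, principals, tools and the request below are constructed.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Token -> identity. A real server would validate an OAuth access token with its identity
# provider; the expiry implements the page's "time-limited tokens" advice.
SESSIONS = {
    "tok-alice-3f9c": {"principal": "alice@example.com", "session": "sess-01", "expires": "2099-01-01T00:00:00+00:00"},
    "tok-ci-7b21": {"principal": "ci-runner", "session": "sess-02", "expires": "2099-01-01T00:00:00+00:00"},
    "tok-old-0aa1": {"principal": "bob@example.com", "session": "sess-03", "expires": "2020-01-01T00:00:00+00:00"},
}
# Tools each principal may invoke; anything not listed is denied.
TOOL_ALLOWLIST = {"alice@example.com": {"read_file", "search_issues"}, "ci-runner": {"search_issues"}}
AUDIT_LOG = []  # in-memory sink for the example; forward to your SIEM in practice


def authenticate(headers, now=None):
    """Return the session for a valid, unexpired bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    now = now or datetime.now(timezone.utc)
    for known, session in SESSIONS.items():
        # Constant-time comparison: the lookup should not leak which tokens exist.
        if hmac.compare_digest(known.encode(), token.encode()):
            return session if datetime.fromisoformat(session["expires"]) > now else None
    return None


def authorize(session, tool):
    return tool in TOOL_ALLOWLIST.get(session["principal"], set())


def audit(session, request, decision, reason):
    """Append one attributable record. Arguments are hashed because they may hold secrets."""
    params = request.get("params") or {}
    args = json.dumps(params.get("arguments", {}), sort_keys=True).encode()
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "principal": session["principal"] if session else None,
        "session": session["session"] if session else None,
        "request_id": request.get("id"),
        "tool": params.get("name"),
        "args_sha256": hashlib.sha256(args).hexdigest(),
        "decision": decision,
        "reason": reason,
    }
    AUDIT_LOG.append(record)
    return record


def _error(req_id, code, message):
    # -32601 is JSON-RPC's "method not found"; -32000..-32099 are reserved for server-defined errors.
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def handle_tool_call(headers, request, execute, now=None):
    """Gate one request and return a JSON-RPC response; `execute(tool, args)` runs the real tool."""
    req_id = request.get("id")
    if request.get("method") != "tools/call":
        return _error(req_id, -32601, "method not handled by this gateway")
    session = authenticate(headers, now)
    if session is None:
        audit(None, request, "deny", "missing, invalid or expired token")
        return _error(req_id, -32001, "authentication required")
    tool = (request.get("params") or {}).get("name")
    if not authorize(session, tool):
        audit(session, request, "deny", "tool not in allowlist")
        return _error(req_id, -32003, "tool not permitted for this principal")
    audit(session, request, "allow", "allowlisted")
    return {"jsonrpc": "2.0", "id": req_id, "result": execute(tool, request["params"].get("arguments", {}))}


def demo_execute(tool, arguments):
    """Stand-in for the real tool; returns an MCP-style text content block."""
    return {"content": [{"type": "text", "text": f"{tool} called with keys {sorted(arguments)}"}]}


# Constructed tools/call request, shaped as an MCP client would send it.
SAMPLE_REQUEST = {"jsonrpc": "2.0", "id": 7, "method": "tools/call",
                  "params": {"name": "read_file", "arguments": {"path": "README.md"}}}

if __name__ == "__main__":
    for token in ("tok-alice-3f9c", "tok-ci-7b21", "tok-old-0aa1", "tok-forged"):
        print(json.dumps(handle_tool_call({"Authorization": f"Bearer {token}"}, SAMPLE_REQUEST, demo_execute)))
    for record in AUDIT_LOG:
        print(json.dumps(record))
```

Every decision, including denials for forged or expired tokens, leaves a record that names the principal and session when one could be established, which is what makes actions on a shared server attributable after the fact. Hashing the arguments keeps file paths, query strings and any secrets they carry out of the log while still letting you correlate repeated calls.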

Additional security practices

  • Review generated content before you implement it.
  • Keep Bob and related dependencies up to date.
  • Train team members on AI security risks and review expectations.
  • Prepare an incident response process for AI-assisted workflows.
  • Use dedicated workspaces for sensitive projects when appropriate.
  • Scope permissions to the minimum access required for each task.

These practices help you use Bob more safely in everyday development workflows.
