Cloud - agent security

We would like to use prefect cloud for orchestrating jobs. If prefect cloud is compromised by a bad actor, would it be possible for them to infiltrate or exfiltrate arbitrary code/data to run on agents that are hosted on-prem behind firewall. Are there any steps we can follow to test that assumption?

Hi @jedi, welcome to Discourse!

I answered the same question you also asked via Slack but essentially:

  • Prefect Cloud operates purely on metadata and your entire code and data remain on your infrastructure,
  • this means that Prefect has no access to your infrastructure, code, or data – it operates purely on an outbound connection from your infrastructure to Prefect Cloud, never in the other direction.