Warp, which builds software to help developers control AI agents and other software from the command line, is rolling out a new tool called Oz to collaboratively command AI in the cloud.
Last year, Warp launched its agentic development environment, which lets programmers command AI agents to write code and other tasks. Developers can also use the software to edit code on their own and run command-line development tools. That release came as many developers became increasingly fond of vibe coding—the process of instructing an AI on what source code should do rather than writing it directly—and the industry produced a variety of tools, including Anthropic’s Claude Code and Google’s Antigravity, aimed at assisting with the process.
But, says Warp’s founder and CEO Zach Lloyd, most existing agentic development software is geared at individual developers interacting with agents developing code on their own computers. That can make it difficult for teams to collaborate on agent-driven development and even make it hard for managers and colleagues to understand what individual developers already have AI agents working on. It can also make it difficult to guarantee agents are properly configured and securely handling company code and data, even in the face of deliberate attempts to steal data, like external “prompt injection” attacks meant to deceive AI, says Lloyd.
“Right now, with everyone who’s using these agents on their local machines, it’s like the Wild West,” he says. “You don’t know what they’re doing.”
Oz looks to solve that problem by providing secure, cloud-based sandbox for AI agents to run as they write code, process customer feedback and bug reports, and handle a variety of other tasks, with all of their operations logged and accessible through a Warp app or web interface.
“Every time an agent runs, you get a complete record of what it did,” Lloyd says.
Through Oz, companies can heavily customize what access employees have to different agents and tweak what permissions agents themselves have to avoid security risks. And agents can be automatically scheduled to run at particular times or in response to particular events, or manually instructed to run as needed, says Lloyd, demonstrating one agent the company uses internally to root out potential fraudulent use of its platform.
