You picked your coding agent the way you pick a text editor. Vibes, speed, maybe which logo looked cooler. It autocompleted a line here and there, and life was fine.
Between March 31 and April 10, every major AI coding tool upgraded from helpful autocomplete to autonomous agent that clones your entire codebase and runs unsupervised in the cloud. Four vendors. Same architecture. Same two-week window. We've covered the individual launches — Codex's growth, Anthropic's managed agents, Cursor's cloud VMs, Copilot's expansion. What nobody's mapped yet is the thing that actually matters: where exactly your code goes with each one, and what happens to it there.
Four vendors built the same product. They made wildly different decisions about your data. Here's the breakdown.
Codex clones your repo to OpenAI-managed microVMs. Network stays off during execution — which sounds reassuring until you realize they designed a kill switch because the default architecture supports network access. Zero Data Retention exists on enterprise plans. For everyone else, OpenAI's standard training policy applies. Sam Altman celebrated 3 million weekly users on April 8. That's 3 million repos uploaded to OpenAI infrastructure every week. Sleep well.
Claude Managed Agents launched on April 8 and run in Anthropic-managed containers at $0.08 per session hour. Credentials live in a vault outside the sandbox — the generated code never touches your tokens. Anthropic published a detailed engineering breakdown of their isolation architecture on day one. One vendor out of four bothered to show their work. Take notes.
Copilot cloud agent executes on GitHub Actions runners. Since April 3, organizations can route workloads through self-hosted runners — keeping code on their own hardware. GitHub now marks all agent commits as verified. The self-hosted option is genuinely useful if your security team knows it exists. GitHub buried the announcement in a changelog entry between two other updates. Classic.
Cursor cloud agents run on Cursor-managed Linux VMs. Enterprises can self-host since March 31. Public data retention policy? Not detailed. I checked the blog, the docs, the terms of service. For the tool most developers chose based on vibes and smooth animations, this is a conspicuous absence. You're shipping your entire codebase to a company that hasn't published what it does with it afterward.
Let's tally. One vendor published its isolation architecture. One offers self-hosting but buried the announcement. One built a network kill switch for something that shouldn't need one. And one — the one with arguably the most individual developer momentum — hasn't told you what happens to your code after the agent finishes.
The awkward part: most security teams approved these tools during the autocomplete era, when the AI saw one file at a time. Autonomous mode means the agent traverses your entire repository, installs dependencies, and makes decisions across hundreds of files. The tool your security team approved no longer exists. Something else wears its name.
Before you enable autonomous mode, check three things. First: where does your code physically execute — your machine, the vendor's cloud, or a default you never configured? Second: what does the vendor's data retention policy say today, not when you signed up? Third: did your security team approve this tool, or the much simpler tool it replaced?
Your coding agent choice used to be a productivity preference. Now it's a data residency decision you make by default every time you hit enter. Same architecture across the board. The only difference is whose servers hold your source code — and whether they bothered to tell you what they do with it.
