By ByteBot
Sixty-one percent of engineering teams are already running AI coding agents. Seventy percent of them are doing it on infrastructure that was never designed to support it. That gap — between rapid AI adoption and the enterprise governance infrastructure to back it up — is exactly what Coder is targeting with Coder Agents, a self-hosted, model-agnostic AI coding platform that launched in beta on May 6.
The Infrastructure Problem Nobody Wanted to Talk About
The pitch from every major AI coding tool is roughly the same: faster code, smarter completions, autonomous pull requests. What gets buried in the fine print is where all that inference actually happens. When your developer prompts GitHub Copilot or Cursor with your proprietary codebase context, that traffic routes through Microsoft’s or Cursor’s cloud — even on enterprise plans that promise zero retention. For most companies this is a calculated trade-off. For regulated industries — healthcare, financial services, defense, government contractors — it is often a compliance non-starter.
The numbers back this up. The Cloud Security Alliance and Zenity’s 2026 enterprise AI security report found that 88% of organizations had confirmed or suspected AI agent security incidents in the past year. Healthcare was worse at 92.7%. Only 14.4% of organizations send agents to production with full security or IT sign-off. The EU AI Act’s full compliance deadline for high-risk AI systems is August 2, 2026 — three months away. The window for “we’ll figure it out later” is closing.
What Coder Agents Actually Does
Coder’s approach is straightforward in concept but technically deliberate: the entire agent execution stack runs on infrastructure you own. That means the control plane, model traffic, prompts, source code, and audit logs never leave your network perimeter. This is not a “data processing agreement” situation where your data is processed externally under contract. The compute does not leave.
The architecture has three main pieces. The control plane (coderd) manages workspace lifecycles, user authentication, agent permissions, and external integrations. Templates define the agent environment — admins create them, developers use them to launch Workspaces. This separation of definition from usage gives platform teams governance without having to chase down individual developers. The third piece is AI Bridge, a gateway that intercepts all model traffic between agents or IDEs and the upstream LLM providers, recording prompts, token usage, and tool invocations — giving you a full audit trail of what every agent actually did.
Pick Any Model, Run It Anywhere
Coder Agents is model-agnostic by design. It integrates with Anthropic, OpenAI, Google, AWS Bedrock, and Azure OpenAI out of the box. It also connects to any OpenAI-compatible endpoint, which means self-hosted models — Llama, Mistral, Qwen, anything running on vLLM or Ollama — are first-class options. For air-gapped deployments where no external network calls are acceptable, you run a self-hosted model inside the perimeter and model traffic never crosses a firewall.
Platform teams control which models are available to developers, at what spend limits, and with what policy constraints. Developers get flexibility within those guardrails. It is the same governance model enterprises use for cloud spend — budget-bound, policy-enforced, fully auditable.
What Developers Do With It
From the developer side, Coder Agents handles the kinds of tasks that eat hours of otherwise productive time: writing and modifying code across multiple files, generating and running test suites, analyzing repository architecture, and opening pull requests. All of this is accessible via a conversational interface or the REST API documented in the Coder Agents docs. The agents do not just autocomplete — they reason, execute, and commit work.
Who Should Be Paying Attention Right Now
Coder Agents is in beta through September 2026, with full feature access and no usage-based limits during the evaluation period. The open-source base is available on GitHub (coder/coder). If you are on an enterprise team that has been watching AI coding adoption from the sidelines because of data residency requirements, this is the evaluation window. The beta will not last, and the compliance deadlines will not wait.
For the 70% of teams already running agents on infrastructure not designed for them, the question has shifted from “should we use AI coding agents” to “are we running them in a way that can survive a security audit.” Coder Agents is a direct answer to the second question.
