AVP removes live API credentials from the agent process entirely, meaning prompt-injection attacks or other exploits that compromise the agent cannot exfiltrate secrets the process never possessed.
The feature gives teams a concrete guardrail against runaway AI spend, particularly for autonomous or unsupervised workflows that can consume tokens faster than manual monitoring can catch.