platform_toolsets and disabled_toolsets, Blank Slate mode pins the toolset even across hermes update. A regular setup might see tools re-enabled when a new release ships with updated defaults. A Blank Slate agent stays locked — what you didn't choose stays off, permanently, until you change the config yourself.
For enterprise teams, this is the difference between an agent you audit once and an agent you re-audit after every update.
The Security Story
The timing isn't accidental. A Reddit thread from June 14 flagged that default Hermes installs were silently routing web requests through bundled tools — a non-issue for most users, but a red flag for security-conscious teams deploying Hermes in regulated environments. The Blank Slate response landed six days later.
Now, teams that need Hermes inside a locked-down network can start with file and terminal, add exactly the tools their security policy permits, and trust that nothing creeps back in during the next update cycle. Combined with Hermes's existing profile system — which makes agent configuration portable as a git repository — Blank Slate mode turns agent security into infrastructure-as-code.
What the Community Is Saying
The response has been swift. MarkTechPost called it a mode "that pins toolsets via platform_toolsets.cli and disabled_toolsets." FutureSignalNews framed it as "build your AI agent from scratch." Scouts by Yutori noted the shift "from default-everything to explicit opt-in" as a signal of enterprise maturity. TechLatest's weekly roundup paired Blank Slate with async subagents as the two upgrades that make Hermes "enterprise-ready."
Blank Slate mode is a small feature in lines of code — a 235-line setup wizard — but a large one in philosophy. It says: your agent, your stack, your risk profile. Nothing loads unless you said so.
Cet article a été initialement publié sur The Agent Report.