> But on the other hand... this is a robust reminder that coding agents can do anything you can do by typing commands into a terminal—and frontier models know every trick in the book and evidently a few that nobody has ever written down before.
> Running coding agents outside of a sandbox has always been a bad idea
This is why I always run code agents inside containers (Apple containers specifically, for better hypervisor-level isolation).
This is my OSS project to manage said containers and agents: https://github.com/prettysmartdev/awman