If you're not sandboxing your agent, everything on your computer is waiting to be exposed.

Assuming that file permissions will save you is naively dangerous.

It seems insane to me that so many people are OK with this. Why is it necessary for an agent to upload every bit of data it sees to OpenAI at all? Particularly if my agents can’t remember anything beyond a single session, why should the data exist permanently anywhere but in its original location?

> Why is it necessary for an agent to upload every bit of data it sees to OpenAI at all?

The LLM is running at OpenAI. The agent doesn't see anything that doesn't get sent to OpenAI.

It's like running a compiler in the cloud and asking why you need to send your source code to it when you only want the binary to be on your local PC. It's because that's where the processing is going on and it can't process what it can't see.

> why should the data exist permanently anywhere but in its original location?

Sure, they don't necessarily have to retain it permanently.

What is your sandbox approach? Any good guides? Something about asking an LLM for advice on how to sandbox LLMs.....

I use this: https://github.com/kstenerud/yoloai

    yoloai new mysandbox .   # Create a sandbox
    yoloai attach mysandbox  # Attach the sandbox to the current terminal
    ... (^b^d to disconnect) # It's using tmux to keep the agent alive
    yoloai diff mysandbox    # See what the agent did
    yoloai apply mysandbox   # Apply its changes to your workdir
    yoloai destroy mysandbox # Tear the sandbox down (same name as above)

You can also make it run a prompt and block until it's done:

    yoloai run mysandbox . -p "read issue https://github.com/kstenerud/yoloai/issues/190 and fix it"
    yoloai diff mysandbox
    yoloai apply mysandbox
    yoloai destroy mysandbox

Thanks. I will check that out; I'm also checking out smolvm. Sometimes it is hard to distinguish my modest needs versus what might be needed at a corporate infrastructure level for coding or agent orchestration.

I'm just writing scripts for neuroimaging analysis, etc., and want to ensure codex etc. doesn't read my sqlite db or csvs and send my research data to the inference provider...

Are people using these and interacting with the agent via terminal, or are there fuller cli interfaces, or integrations?

How could an agent bypass file permissions?

By exploiting a root escalation.

Or just finding a file/dir you forgot to set a tight enough mode on (happens a lot in systems where the default is insecure).
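The "file you forgot to set a tight enough mode on" point above, as an added shell example that is not from the thread or the yoloai project: it audits a directory for regular files whose group or other bits grant read access (what an agent running as a different, unprivileged user could open) and can strip those bits. Note the earlier reply's caveat: a root escalation ignores mode bits entirely, so this is a check, not a substitute for a sandbox.

```shell
#!/bin/sh
# Added example, not from the thread or the yoloai project.
# Finds regular files under a directory that are readable by group or
# other, i.e. files a separate unprivileged agent account could read,
# and optionally tightens them to owner-only. Root bypasses all of this.

# list_readable_by_others DIR
# Prints every regular file under DIR with g+r or o+r set, sorted.
list_readable_by_others() {
    dir="$1"
    # -perm /044: match if ANY of the g+r (040) or o+r (004) bits is set
    # (GNU find syntax; assumed available on the auditing host).
    find "$dir" -type f -perm /044 -print | sort
}

# count_readable_by_others DIR
# Number of files list_readable_by_others would report (0 means clean).
count_readable_by_others() {
    list_readable_by_others "$1" | wc -l | tr -d ' '
}

# tighten_to_owner_only DIR
# Removes group/other read, write and execute from every regular file
# under DIR, so only the owner (and root) can open them.
tighten_to_owner_only() {
    find "$1" -type f -exec chmod go-rwx {} +
}

# Usage from a research tree, e.g. before starting an agent session:
#   count_readable_by_others ~/neuro && tighten_to_owner_only ~/neuro
```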