Hacker News

joshribakoff, yesterday at 11:36 PM (2 replies)

Some of these don’t really seem like they bypassed any kind of sandbox. Like hallucinating an npm package. You acknowledge that the install will fail if someone tries to reinstall from the lock file. Are you not doing that in CI? Same with curl, you’ve explained how the agent saw a hallucinated error code, but not how a network request would have bypassed the sandbox. These just sound like examples of friction introduced by the sandbox.
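The lockfile point above is the one a CI pipeline can catch without any network access at all. The check below is an added example written for this page, not code from the commenter or from the post being discussed; it assumes npm's lockfileVersion 2/3 layout (a top-level "packages" map keyed by "node_modules/<name>", with the root entry under the empty key) and uses constructed package.json / package-lock.json contents. It flags the two kinds of local state an agent can leave behind when an install fails inside a sandbox: a package added to package.json that the lockfile root does not agree on (npm ci refuses to run on an out-of-sync pair), and a lockfile entry that carries no "resolved" / "integrity" fields, meaning npm never actually fetched it from a registry, so the next `npm ci` has to resolve the name and a hallucinated package fails there.

```python
import json

# Constructed sample inputs (not taken from the thread). "totally-made-up-pkg"
# stands in for a hallucinated package whose lockfile entry was written locally
# without ever being resolved; "express" was added to package.json only.
PACKAGE_JSON = {
    "name": "demo",
    "dependencies": {
        "left-pad": "^1.3.0",
        "totally-made-up-pkg": "^1.0.0",
        "express": "^4.18.0",
    },
}

PACKAGE_LOCK = {
    "name": "demo",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"left-pad": "^1.3.0", "totally-made-up-pkg": "^1.0.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED-PLACEHOLDER-HASH",
        },
        # No resolved/integrity: npm never fetched this from a registry.
        "node_modules/totally-made-up-pkg": {"version": "1.0.0"},
    },
}

# A clean pair for comparison.
CLEAN_PACKAGE_JSON = {"name": "demo", "dependencies": {"left-pad": "^1.3.0"}}
CLEAN_LOCK = {
    "name": "demo",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED-PLACEHOLDER-HASH",
        },
    },
}


def _root_deps(obj):
    """Merge dependencies and devDependencies of a package.json-like dict."""
    deps = {}
    for key in ("dependencies", "devDependencies"):
        deps.update(obj.get(key, {}))
    return deps


def check_lockfile(pkg, lock):
    """Return a list of human-readable problems; an empty list means the pair is consistent."""
    problems = []
    packages = lock.get("packages", {})
    declared = _root_deps(pkg)
    locked_root = _root_deps(packages.get("", {}))

    # 1. package.json and the lockfile root must agree on every spec.
    for name, spec in declared.items():
        if locked_root.get(name) != spec:
            problems.append(f"root mismatch: {name} wants {spec!r}, lockfile has {locked_root.get(name)!r}")
    for name in locked_root:
        if name not in declared:
            problems.append(f"lockfile root lists {name}, which package.json does not declare")

    # 2. Every installed (non-link) entry must have been resolved from a registry.
    for path, entry in packages.items():
        if path == "" or entry.get("link"):
            continue
        if not entry.get("resolved") or not entry.get("integrity"):
            problems.append(f"{path}: missing resolved/integrity, never fetched from a registry")

    # 3. Every declared dependency needs an actual node_modules entry.
    for name in declared:
        if f"node_modules/{name}" not in packages:
            problems.append(f"{name}: declared but has no node_modules entry in the lockfile")

    return problems


def check_files(package_json_path, lock_path):
    """Same check against on-disk files, for use as a CI step."""
    with open(package_json_path) as f, open(lock_path) as g:
        return check_lockfile(json.load(f), json.load(g))


if __name__ == "__main__":
    for line in check_lockfile(PACKAGE_JSON, PACKAGE_LOCK):
        print(line)
```

Run as a CI step before `npm ci`; a non-empty result means the lockfile was edited by something other than a successful npm resolution, which is exactly the corrupted local state the thread is talking about. The check deliberately ignores "link" entries (workspace symlinks), which legitimately carry no integrity.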


Replies

languid-photic, today at 8:58 AM

You're right, this is a bit of a conflation. The curl and lockfile examples aren't sandbox escapes, the network blocks worked. The agent just masked the failure or corrupted local state to keep going. The env var leak and directory swap are the actual escapes. Should have been clearer about the distinction.

themafia, today at 12:13 AM

> These just sound like examples of friction introduced by the sandbox.

The whole idea of putting "agentic" LLMs inside a sandbox sounds like rubbing two pieces of sandpaper together in the hopes a house will magically build itself.
