alt Hacker NewsThis is why we only allow our agent VMs to talk to pip, npm, and apt. Even then, the outgoing request sizes are monitoring to make sure that they are resonably small
Replies
ramoz • yesterday at 10:48 PM
This doesn’t solve the problem. The lethal trifecta as defined is not solvable and is misleading in terms of “just cut off a leg”. (Though firewalling is practically a decent bubble wrap solution).
But for truly sensitive work, you still have many non-obvious leaks.
Even in small requests the agent can encode secrets.
An AI agent that is misaligned will find leaks like this and many more.
thats nifty, so can attackers upload the user's codebase to the internet as a package?