alt Hacker Newssandboxing is really the only way to make agentic workflows auditable for enterprise risk. we can't underwrite trust in the model's output, but we can underwrite the isolation layer. if you can prove the agent literally cannot access the host network or sensitive volumes regardless of its instructions, that's a much cleaner compliance story than just relying on system prompts.
Replies
robotswantdata • yesterday at 2:22 PM
Sandbox won’t be enough, distroless + “data firewall” + audit
➕ show 1 reply
This may sound obvious, but there must also be an enforcement of what's allowed into that sandbox.
I can envision perfectly secure sandboxes where people put company secrets and communicate them over to "the cloud".