Hacker News

zachdotai · yesterday at 2:48 PM · 4 replies

I think for the first time ever, we are facing a paradigm shift in containment/sandboxing.

Just as Docker became the de facto standard for cloud containerization, we are seeing a lot of solutions attempting to sandbox AI agents. But imo there is a fundamental difference: previously, we sandboxed static processes. Now, we are attempting to sandbox something that potentially has the agency and reasoning capabilities to try and get itself out.

It’s going to be super interesting (and frankly exciting) to see how the security landscape evolves this time around.


Replies

yencabulator · yesterday at 11:35 PM

> Now, we are attempting to sandbox something that potentially has the agency and reasoning capabilities to try and get itself out.

The threat model for actual sandboxes has always been "an attacker now controls the execution inside the sandbox". That attacker has agency and reasoning capabilities.

mejutoco · yesterday at 9:46 PM

I think a sandbox containing a program should only output data. And that data should conform to a schema. The old difference between programs and data, instead of Turing-complete languages everywhere.

idiotsecant · yesterday at 2:59 PM

I have been saying for years that technology increasingly requires the development of memetic firewalls - firewalls that don't just filter based on metadata, but filter based on ideas. Our firewalls need to be at least as capable as the entities they seek to keep out (or in).
