Hacker News

SwellJoe, yesterday at 10:52 PM (6 replies)

I don't run agents directly on my desktop/laptop machine. I run them in VMs or containers (sometimes in containers on VMs). There have been too many credential-stealing exploits via prompt injection and the like for me to be willing to let an agent roam around on my personal system.

I've also started creating new GitHub deploy keys for each repo in use on a VM, so the blast area for any given agent disaster is "a couple/few GitHub repos and whatever credentials were needed for the agent/model".

I wouldn't let a coworker, even one I know pretty well, log into my personal account on my machines... why would I let an agent that can be tricked into uploading all my credentials to an attacker's web server?

The agents have sandboxes, but those are loose. Not enforced by anything outside of the agent harness itself.
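As an added example (not code from SwellJoe's comment or from any project), here is a POSIX shell script that implements the per-repo deploy-key setup described above inside the agent VM. It assumes `ssh-keygen` is installed in the VM, uses `acme/widgets` as a placeholder org/repo, and still requires you to paste the printed public key into that repo's deploy keys on GitHub (deploy keys are read-only unless you explicitly grant write access):

```shell
#!/bin/sh
# Added example, not from the thread: one GitHub deploy key per repo inside the agent VM.
# Assumptions: ssh-keygen is installed in the VM; "acme/widgets" is a placeholder
# org/repo; you still paste the printed public key into that repo's deploy keys on GitHub.
set -eu

# Directory holding the VM's keys and ssh config (override with SSH_DIR for testing).
ssh_dir() { printf '%s\n' "${SSH_DIR:-$HOME/.ssh}"; }

# Host alias and key path derived from org/repo, so each repo gets its own identity.
host_alias() { printf 'github-%s-%s\n' "$1" "$2"; }
key_path()   { printf '%s/deploy_%s_%s\n' "$(ssh_dir)" "$1" "$2"; }
clone_url()  { printf 'git@%s:%s/%s.git\n' "$(host_alias "$1" "$2")" "$1" "$2"; }

# write_host_entry ORG REPO KEYFILE: append a Host stanza to the ssh config.
# IdentitiesOnly stops ssh from offering every key it can find (including agent
# keys) to github.com, so this alias can only ever authenticate as this one deploy key.
write_host_entry() {
    org="$1"; repo="$2"; keyfile="$3"
    dir="$(ssh_dir)"
    mkdir -p "$dir"; chmod 700 "$dir"
    {
        printf 'Host %s\n' "$(host_alias "$org" "$repo")"
        printf '    HostName github.com\n'
        printf '    User git\n'
        printf '    IdentityFile %s\n' "$keyfile"
        printf '    IdentitiesOnly yes\n'
        printf '\n'
    } >> "$dir/config"
    chmod 600 "$dir/config"
}

# make_deploy_key ORG REPO: generate the key (no passphrase; it lives only in the
# throwaway VM), register the alias, and print what to paste and how to clone.
make_deploy_key() {
    org="$1"; repo="$2"
    keyfile="$(key_path "$org" "$repo")"
    mkdir -p "$(ssh_dir)"; chmod 700 "$(ssh_dir)"
    [ -f "$keyfile" ] || ssh-keygen -q -t ed25519 -N '' -C "deploy:${org}/${repo}" -f "$keyfile"
    write_host_entry "$org" "$repo" "$keyfile"
    echo "Add this deploy key to github.com/${org}/${repo} (Settings > Deploy keys):"
    cat "${keyfile}.pub"
    echo "Then clone with: git clone $(clone_url "$org" "$repo")"
}

# Run as: sh deploykey.sh acme widgets   (placeholders)
if [ "$#" -eq 2 ]; then
    make_deploy_key "$1" "$2"
fi
```

The Host alias is what keeps the blast radius per repo: the clone URL names the alias rather than `github.com`, so git uses only that repo's key, and `IdentitiesOnly yes` prevents ssh from also presenting any other keys that happen to be in the VM or a forwarded agent. If the VM is compromised, what leaks is a key that GitHub will accept for exactly one repository.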


Replies

edouard-harris, today at 9:45 AM

> The agents have sandboxes, but those are loose. Not enforced by anything outside of the agent harness itself.

You might want to check out Ant's open-source srt [0], I use it to contain my local coding agents. It's strict by default and enforced at the OS layer.

[0] https://github.com/anthropic-experimental/sandbox-runtime

notshore, yesterday at 11:04 PM

I'm working on a credential broker that would keep credentials vaulted and parcel out access on a per-grant basis. Is that something you'd find useful, or is your setup comprehensive enough? We would be allowing people to draft access policies with natural language; I figured it would be useful for things like Vercel, Stripe access etc.

scorpioxy, yesterday at 11:48 PM

Oh yeah, that sounds wise to me. Some people don't run the agents on a VM on their own machine and opt for a VPS somewhere. And I was wondering if privacy and security had anything to do with their decision.

drnick1, today at 4:41 AM

Do you not find a dedicated UNIX user to be sufficient for the sake of protecting personal files, SSH keys, etc?

Avicebron, today at 1:17 AM

This is what I do, VMs in Proxmox. It works really well.

chrisweekly, today at 2:27 AM

Have you seen smolvm (from smolmachines)?