logoalt Hacker News

pedromosstoday at 7:44 AM1 replyview on HN

This is exactly why tools like Landstrip[1] exist. Sandboxing is a good mitigation to an extent, but it cannot address every class of attack. If an agent allows untrusted content to influence privileged decisions, the underlying design still has a large attack surface. Claude Code is also susceptible to this class of issue because of how its plugin interface works.

[1]: https://github.com/landstrip/landstrip


Replies

pedromosstoday at 7:53 AM

Also, I'm not particularly fond of using VM/microVM for sandboxing agents. This aligns with my line of thought: https://www.linkedin.com/pulse/why-your-microvm-sandbox-solv...