Doesn’t surprise me.
Yesterday I learned that people run AI agents on their system with full admin rights. No containerisation or anything. Wild. Like we forgot 50 years of computer security overnight.
That's because sandboxing is quite hard. I use `cco`, but even then, the home folder is exposed. You are one prompt away from the agent sending the browser passwords with curl.
To prevent this, you need a fake home and a networking whitelist for the agent to access the provider (llama cpp, OpenAI, etc.)
There is no cross-platform solution that is easy to use for this. And no, a Linux box with Docker won't do. I develop a cross-platform native app and want the agent to compile and fix the platform-specific errors.
Mostly people are lazy and assume that the big labs can't be releasing unsecure software or it's their responsibility.
dangerously skip permissions and yolo is kinda becoming the default as it gets more done.
This is not about admin rights, it’s about the agent leaking information it knows from its memories. Sandboxing won’t really help you.
Containers don't even really help that much because they share the host file system. Need a VM, and even then, agents have escaped them!
We expect that Anthropic or OAI or Google don’t do evil. Oh wait…
The awakening will be unpleasant.
Most programmers and power users install large dependency trees with npm/pip/bundler/... on the same user account as their main browser on a regular basis. Even on Linux where it's easy to create new user accounts. This isn't much different.