Comment by sixhobbits

1 day ago

Gotta exaggerate a bit to get attention :D

But I think I'm getting to the point where "If I'd let an intern/junior dev have access while I'm watching then I'm probably OK with Claude having it too"

The thing that annoys me about a lot of infosec people is that they have all of these opinions about bad practice that are removed from the actual 'what's the worst that could happen here' impact/risk factor.

I'm not running lfg on a control tower that's landing Boeing 737s, but for a simple non-critical CRUD app? Probably the tradeoff is worth it.

Why in the world would you advocate explicitly for letting it run on production servers, rather than teaching it how to test in a development or staging environment like you would with a junior engineer?

We allow juniors in risky areas because that’s how they will learn. Not the case for current AIs.

  • I think that's like, fractally wrong. We don't allow early-stage developers to bypass security policies so that they can learn, and AI workflow and tool development is itself a learning process.

    • > We don't allow early-stage developers to bypass security policies so that they can learn

      Back when I worked at an F500 it was normal practice to give early-stage developers access to a "research" environment where our normal security policies were not applied. (Of course the flipside was that that "research" environment didn't have any access to confidential data etc., but it was a "prod" environment for most purposes.)

My workflow is somewhat similar to yours. I also much love --dangerously-skip-permissions, as root! I even like to do it from multiple Claude Code instances in parallel when I have parallel ideas that can be worked out.

Maybe my wrapper project is interesting for you? https://github.com/release-engineers/agent-sandbox It's to keep Claude Code containerized with a copy of the workspace and a firewall/proxy so it can only access certain sites. With my workflow I don't really risk much, and the "output" is a .patch file I can inspect before I git apply it.