
Comment by 0xbadcafebee

3 days ago

But they literally called it 'yolo mode'. It's an idiot button. If they added protections by default, someone would just demand an option to disable all the protections, and all the idiots would use that.

I'm not sure you fully understood my suggestion. Just to clarify, it's to add a feature, not remove one. There's nothing inherently idiotic about giving AI access to a CLI; what's idiotic is giving it access to your CLI.

It's also not literally called "YOLO mode" universally. Cursor renamed it to "Auto-Run" a while back, although it does at least run in some sort of sandbox by default (no idea how it works offhand or whether it adds any meaningful security in practice).

  • Unless literally everything you work on is OSS I can’t understand why anyone would give CLI access to an LLM; my presumption is that any IP that I send to an API endpoint is as good as public domain.

    • I agree that that's a concern, which is why I suggested that a strict firewall around the agent machine/VM would be optimal.

      Either way, if the alternative is the code not getting written at all, or having to make other significant compromises, the very edge-case risk of AI randomly exfiltrating your code can be an acceptable trade in many cases. Arguably it's a lower risk than it would be with an arbitrarily chosen overseas developer/agency.

      But again, I would very much like to see the tools providing this themselves, because the average user probably isn't going to do it on their own.
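A sketch of the strict egress firewall the reply above suggests for the agent VM, as an added example that is not from the thread or from any of the tools mentioned. It assumes a Linux VM where the ruleset is loaded with `nft -f`; the resolver and API addresses are constructed placeholders that an operator would replace with pinned addresses of the model API they actually use.

```shell
#!/bin/sh
# Added example: default-drop egress allowlist for a VM running a coding agent.
# The agent can reach the model API over HTTPS and one resolver for DNS;
# every other outbound connection is logged and dropped, so a misbehaving
# agent cannot push code anywhere else.

RESOLVER="${RESOLVER:-10.0.0.53}"   # constructed placeholder resolver address

# agent_egress_ruleset <api_ipv4> [<api_ipv4> ...]
# Prints an nftables ruleset (inet family, output hook, policy drop).
agent_egress_ruleset() {
    [ "$#" -ge 1 ] || { echo "usage: agent_egress_ruleset <api_ipv4>..." >&2; return 1; }
    api_set=$(printf '%s, ' "$@" | sed 's/, $//')   # "a, b, c" for the set literal
    cat <<EOF
flush ruleset
table inet agent_egress {
    set api_hosts {
        type ipv4_addr
        elements = { ${api_set} }
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        ip daddr ${RESOLVER} udp dport 53 accept
        ip daddr @api_hosts tcp dport 443 accept
        log prefix "agent-egress-drop: " counter drop
    }
}
EOF
}

# Stand-alone use: print the ruleset and, when nft is installed, syntax-check
# it without applying it (apply with `nft -f` as root once reviewed).
if [ "${AGENT_EGRESS_DEMO:-0}" = "1" ]; then
    agent_egress_ruleset 203.0.113.10 203.0.113.11 | tee /tmp/agent_egress.nft
    command -v nft >/dev/null 2>&1 && nft -c -f /tmp/agent_egress.nft
fi
```

Dropped packets show up in the kernel log with the `agent-egress-drop:` prefix, which is the signal to watch for an agent trying to reach anything outside the allowlist.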