Comment by buu700

2 days ago

I agree that that's a concern, which is why I suggested that a strict firewall around the agent machine/VM would be optimal.

Either way, if the alternative is the code not getting written at all, or having to make other significant compromises, the very edge-case risk of AI randomly exfiltrating your code can be an acceptable trade in many cases. Arguably it's a lower risk than it would be with an arbitrarily chosen overseas developer/agency.

But again, I would very much like to see the tools providing this themselves, because the average user probably isn't going to do it on their own.