Comment by KurSix
17 days ago
I'd add that for an ambitious financial tool (like yours), a VM might not be enough. Ideally, agents should run in ephemeral environments (Firecracker microVMs) that are destroyed after each task. This solves both security and environment drift issues.
Ah, let me clarify: I'm only using this to help me code faster. There are zero agents in the runtime for the financial tool.
As a matter of fact, the tool is zero-knowledge by design: state is decrypted in your browser and encrypted again before it leaves. There are no account integrations. The persistence layer sees noise. There are a couple of stateless backend tools that transiently see anonymous data to perform numerical optimizations.
But that's a story for another Show HN...
Copy that, Zero-Knowledge is the gold standard, kudos. But this brings us back to the Supply Chain risk. If the agent (writing the code) is in YOLO mode, the risk shifts from "runtime exploitation" to "build-time backdoor injection". Hypothetically, an agent could "accidentally" weaken the RNG in your crypto layer or leak keys via JS console logs. So isolating the dev environment here protects the integrity of your ZK promise.
Looking forward to the Show HN on the tool itself!
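The two build-time backdoor patterns named in the comment above (a weakened RNG in the crypto layer, and key material leaking through console logs) are cheap to gate in a pre-commit or CI step that runs over whatever an agent produces. The scanner below is an added example, not code from this thread or from the tool being discussed; the regexes are heuristics rather than a parser, the assumption that crypto code lives under a `crypto/` directory is mine, and the file names and source snippets are constructed for the demo.

```javascript
// Added example (not from the thread): a small pre-commit style scanner for
// agent-written JS. It flags Math.random() inside the crypto layer and any
// console.* call whose arguments look like secret material. Heuristic only.

const WEAK_RNG = /\bMath\.random\s*\(/;
const CONSOLE_CALL = /\bconsole\.(?:log|debug|info|warn|error|table|dir)\s*\(([^)]*)\)/;
// Argument text that smells like key material (heuristic; will over-match words like "monkey").
const KEY_LIKE = /key|secret|passphrase|seed|token/i;
// Assumption for this demo: anything under a crypto/ directory is the crypto layer,
// where a non-CSPRNG is never acceptable. Math.random() elsewhere (UI jitter) is left alone.
const CRYPTO_PATH = /(^|\/)crypto\//;

function scanSource(file, source) {
  const findings = [];
  const isCryptoLayer = CRYPTO_PATH.test(file);
  source.split('\n').forEach((text, idx) => {
    const line = idx + 1;
    if (isCryptoLayer && WEAK_RNG.test(text)) {
      findings.push({ file, line, rule: 'weak-rng',
        message: 'Math.random() in crypto layer; use crypto.getRandomValues()',
        text: text.trim() });
    }
    const call = CONSOLE_CALL.exec(text);
    if (call && KEY_LIKE.test(call[1])) {
      findings.push({ file, line, rule: 'key-in-log',
        message: `console output references secret-looking value: ${call[1].trim()}`,
        text: text.trim() });
    }
  });
  return findings;
}

// files: { path -> source text }. Returns findings in file order, then line order.
function scanFiles(files) {
  return Object.entries(files).flatMap(([file, source]) => scanSource(file, source));
}

// Gate: an agent's diff with any finding is rejected before it reaches the repo.
function gateCommit(findings) {
  return findings.length === 0;
}

// Constructed sample inputs: one "accidentally" weakened crypto file, one harmless UI file.
const SAMPLE_FILES = {
  'src/crypto/keys.js': [
    "import { deriveKey } from './kdf.js';",
    'export function makeNonce() {',
    '  // weakened: predictable RNG used for a nonce',
    '  return Math.random().toString(36).slice(2);',
    '}',
    'export async function unlock(passphrase) {',
    '  const key = await deriveKey(passphrase);',
    "  console.log('unlocked with', key);",
    '  return key;',
    '}',
  ].join('\n'),
  'src/ui/chart.js': [
    'export function jitter() { return Math.random() * 2; }',
    "console.log('rendering chart');",
  ].join('\n'),
};

const demoFindings = scanFiles(SAMPLE_FILES);
for (const f of demoFindings) console.log(`${f.file}:${f.line} [${f.rule}] ${f.message}`);
console.log(gateCommit(demoFindings) ? 'commit allowed' : 'commit blocked');
```

Run it with `node scan.js` (or wire `scanFiles` to the files in a staged diff from a pre-commit hook). On the sample input it reports `src/crypto/keys.js:4 [weak-rng]` and `src/crypto/keys.js:8 [key-in-log]` and blocks the commit, while the `Math.random()` in the chart code is deliberately ignored because it is outside the crypto layer; the point is to make the policy boundary explicit rather than to catch every possible smuggled weakness, which a regex cannot do.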