Comment by skybrian

21 days ago

Here are some important differences:

- The players in competitive games don't write code. Coding agents do. When you copy the code outside the sandbox and run it, what permissions does it get?

- Game players usually don't have access to confidential material, so you don't need to prevent them from exfiltrating it.

You're right. Players are in a sandbox and they only have access to what they have been given rights to. The game analogy isn’t about confidential material, it’s about adversarial incentives under fixed mechanics. In games you don’t rely on “good behavior” because players will explore every edge the rules allow.

In agentic systems, the agent often has privileged material by design (API keys, local files, browser cookies, tokens, credentials, docs) plus high-leverage actions (shell, package manager, cloud control planes). That combination is exactly why ambient authority without hard boundaries is dangerous.

The point is threat modeling: "don’t rely on intent, rely on boundaries." The paper argues for reduce-only, fast-revocable authority at a real enforcement boundary, not userland wrappers.