That's the fun part! You spend all day hardening it... run it in docker in a vm on a separate machine. And then you hook it up to your gmail and give it unrestricted internet access :)
https://xkcd.com/1200/
An exciting bet on whether the prompt injection will come from the open web or via email!
Let’s be honest. The whole thing is just to prevent Claude from “rm -rf /”.
It isn’t that someone is trying to avoid the thing talking to the internet or reading your emails, it’s just that it sometimes has the strange itch to change some files outside of the project.
Wearing a seatbelt will not protect you from all kinds of car accidents.
Yes. That's why you don't put a Clown behind the steering wheel.
It is more like getting in the car with Stuntman Mike. The risk is not that the driver might make a mistake but that it actively turns against you and a container is not a security boundary against an adversary.
Tesla Robotaxi says hold my beer
Wearing a helmet will not protect you from all injuries caused by jumping off a cliff.
Point is, don't jump off a cliff.
The nature of these tools is that you tell them not to jump off a cliff, so they ride the bicycle over it. Or a car. Or "you're completely right. I assumed it was possible to fly". Or...
I’m not sure what docker is helping with that an unprivileged Linux user account doesn’t already do. The scary stuff with claws is unrelated to process isolation.