Comment by nibbleyou
8 hours ago
I have only worked in startups and I have been an early engineer in both of them. I would always get high privileges within a short time where I would have the access to create and delete resources. I don't think it's that uncommon.
But the correct way to do it is to have a separate account with more privileges, and only give AI access to your standard developer account.
That's one way to do it, how about backup to a remote location every hour? There's more than one way to be careful.
I have personally seen AI bypass this multiple times.
Sounds like they're still giving the model the keys to the kingdom, which is my point: stop giving the model the avenue to make catastrophic mistakes, it makes no sense.
We kinda need to architect things with the assumption that all token-output from an LLM can be unpredictably sneaky and malicious.
Alas, humans suck at constant vigilance, we're built to avoid it whenever possible, so a "reverse centaur" future of "do what the AI says but only if you see it's good" is going to suck.
I would never have these privileges granted directly to my account.
Indeed, it's a good practice to use roles where supported (AWS has them) and explicitly switch when needed.
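The separation the two comments above describe (a low-privilege developer identity for day-to-day and agent use, destructive actions only behind an explicit, MFA-backed role switch) can be expressed as an IAM policy with an explicit Deny. The code below is an added example, not from any commenter; the policy document is constructed, and the evaluator is a deliberately simplified model of IAM's deny-overrides-allow logic covering only the `BoolIfExists` condition operator.

```python
import fnmatch

# Constructed policy for the human's everyday developer identity: read-only
# Allow, plus an explicit Deny on destructive calls whenever the session did
# not authenticate with MFA. An agent running a script under these
# credentials cannot present an MFA token, so the Deny always fires for it.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["rds:Describe*", "s3:Get*", "s3:List*", "ec2:Describe*"],
         "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["rds:Delete*", "rds:Modify*", "s3:Delete*",
                    "ec2:Terminate*", "iam:*"],
         "Resource": "*",
         # BoolIfExists: an absent key (no MFA in the session) also matches.
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}

def _condition_matches(condition, ctx):
    # Only BoolIfExists is modelled; a missing context key counts as a match.
    for op, pairs in condition.items():
        if op != "BoolIfExists":
            raise NotImplementedError(op)
        for key, want in pairs.items():
            if key in ctx and str(ctx[key]).lower() != want.lower():
                return False
    return True

def _statement_matches(stmt, action, ctx):
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
        return False
    return _condition_matches(stmt.get("Condition", {}), ctx)

def evaluate(policy, action, ctx):
    """Simplified IAM decision: explicit Deny wins, then Allow, else implicit deny."""
    effects = {s["Effect"] for s in policy["Statement"] if _statement_matches(s, action, ctx)}
    if "Deny" in effects:
        return "DENY"
    return "ALLOW" if "Allow" in effects else "IMPLICIT_DENY"

# Constructed request contexts: agent on the developer's keys (no MFA) versus
# the human who authenticated with MFA. Even the human cannot delete here;
# that capability lives only in the separate, explicitly assumed role.
AGENT_CTX = {}
HUMAN_MFA_CTX = {"aws:MultiFactorAuthPresent": "true"}

if __name__ == "__main__":
    for action in ("rds:DescribeDBInstances", "rds:DeleteDBInstance"):
        print(action, "agent:", evaluate(DEVELOPER_POLICY, action, AGENT_CTX),
              "human+MFA:", evaluate(DEVELOPER_POLICY, action, HUMAN_MFA_CTX))
```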
The problem with agents is they regularly sidestep the guardrails and do what they want with a script anyway. The number of times I've seen Claude try to escape the folder it's working in, and then write a Python script that does exactly what I told it it's not allowed to do, supports that.
If you use SSO and have an AWS config that Claude is allowed to see to get the correct role in the first place, it will just pick the role and plough on anyway.
And this is why it is the height of irresponsibility to run LLMs on your system. We know they are unreliable and just make things up; it's extremely foolish to go "yeah I'm going to let that run commands".
The first step I do when I do any meaningful side project is to set up RDS with snapshots. So any startup that doesn't do this one basic step already deserves to fail, in my opinion.
Then, next, I've used AI agents like crazy; we even have linked MCP servers that let it query the dev database. Haven't seen it try deleting everything a single time. I haven't seen any agent try to do anything destructive. Ever. Perhaps it's just reflecting an outrageously bad engineer and nothing else.