Comment by suchar
1 month ago
This is not privilege separation/sandboxing. A separate virtual machine for an agent with limited credentials is a reasonably safe approach.
I built www.propelcode.app with separate Linux containers; unless you disconnect the container and your computer from the internet, the models can escape the sandbox and get information off of your machine.
I am open to being corrected and learning from you if you have a better method of sandboxing
The best way to use LLMs is via tmux where it's running on a disposable VM. 0 chance of it getting information from your local machine.
I am using tmux but not a disposable VM. I have thought about something like that, but honestly some of the debugging work makes ephemeral environments hard to work with. How are you doing that in your workflow?