Comment by xyzzy123 9 days ago (7 comments)
The real sandbox is not caring if your computer gets bricked.

    AdamN 9 days ago
    The machine is no big deal - it's the authn/authz that matters. What can the agents do with the credentials available to them?

        petesergeant 9 days ago
        Less if you use something like https://agentblocks.ai so they don't actually get the creds

    _345 9 days ago
    Way worse things can happen than your machine being bricked, if a malicious actor can weaponize an agent to do their bidding

        rfw300 9 days ago
        > if a malicious actor can weaponize an agent to do their bidding
        In my experience, human employees are much more vulnerable to this particular weakness than frontier agents (i.e. phishing attacks).

            _345 9 days ago
            I'm not letting Jenna from HR log into my personal machine with access to all of my lifelong data though. I do let my Claude bypass permissions though

        dumbdumb125 9 days ago
        The solution to both of these is the same thing: a VPS with accounts for all the services specific to the agent (GitHub and whatever else)

            bornfreddy 9 days ago
            That's actually a great idea! Easier to set up and use than a VM (hello ssh), safer than Docker, and still pretty cheap. Thank you for the idea!