What would you consider a tight sandbox without exfiltration vectors? Agents are used to run arbitrary compute. Even a simple write to disk can be part of an exfiltration method.
Instructions, bash scripts, programs written by agents can be evaluated outside the sandbox and cause harm. Is this a concern?
Or, alternatively, is your concern what type of information can leak outside of that particular tight sandbox? In this case I think you would have to disallow any internet communication besides the LLM provider itself, including the underlying host of the sandbox.
You brought this up a couple of times now, would appreciate clarification.