- cross-posted to:
- [email protected]
cross-posted from: https://infosec.pub/post/47200357
One critic called the move “petulance beyond measure.”
I see it as a funny prank
If you’re a dev you’re using git so you can revert that in minutes
And if you’re a dev you’re definitely not running an agent with rm in the command whitelist
Yep. If your AI is set up to be able to cripple your machine or worse, you deserve it.
But I know too many people who are bored to shit to individually vet and permit dangerous AI actions and gave the machine broad permissions.
I give agents full el command execution access. Inside their VM, which doesn’t connect to any external DB or API (or at least, not critical/production ones). And I take periodic snapshots of all the files on the workspace.
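One way to implement the two controls these comments describe (a command allowlist that deliberately leaves out rm, and a snapshot of the workspace taken before any command that can modify files), as an added example that is not part of the thread and not code from any agent framework. The allowlist contents, the snapshot directory layout and the helper names (`check_command`, `gate`, `run_agent_command`, `demo`) are assumptions made for this example:

```python
"""Allowlist gate for commands an autonomous agent asks to run.

Example code written for this page, not from any agent framework. Two
controls from the thread: rm (and anything else not explicitly allowed) is
refused, and a copy of the workspace is taken before any allowed command
that can modify files. Allowlist contents and paths are assumptions.
"""
import shlex
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Optional

# Read-only tools the agent may run without any precondition (assumed set).
READ_ONLY = {"ls", "cat", "grep", "git", "head", "wc"}
# Tools that change the workspace: allowed, but only after a snapshot (assumed set).
MUTATING = {"touch", "mkdir", "sed", "cp", "mv"}
# Anything else, notably rm, is refused outright.
ALLOWLIST = READ_ONLY | MUTATING
# git itself is read-mostly, but these subcommands discard work (assumed set).
GIT_DENIED = {"reset", "clean", "push"}
# Characters that only mean something to a shell; a token carrying one is refused
# even though argv is later executed without a shell (defence in depth).
SHELL_META = ";&|<>`$"


class CommandRefused(Exception):
    """Raised when a requested command is not on the allowlist."""


def check_command(cmdline: str) -> list:
    """Return argv for an allowed command line, or raise CommandRefused."""
    try:
        argv = shlex.split(cmdline)
    except ValueError as exc:
        raise CommandRefused(f"unparseable command: {exc}") from exc
    if not argv:
        raise CommandRefused("empty command")
    # shlex keeps operators as ordinary tokens, so "ls ; rm -rf ." yields ";".
    for tok in argv:
        if any(ch in tok for ch in SHELL_META):
            raise CommandRefused(f"shell metacharacter in token {tok!r}")
    # Judge "/bin/rm" the same way as "rm": compare on the basename.
    prog = Path(argv[0]).name
    if prog not in ALLOWLIST:
        raise CommandRefused(f"{prog!r} is not on the allowlist")
    if prog == "git" and len(argv) > 1 and argv[1] in GIT_DENIED:
        raise CommandRefused(f"git {argv[1]} is not on the allowlist")
    return argv


def is_refused(cmdline: str) -> bool:
    """True if the gate would refuse this command line."""
    try:
        check_command(cmdline)
    except CommandRefused:
        return True
    return False


def snapshot_workspace(workspace: Path, snapshots: Path) -> Path:
    """Copy the workspace into a numbered snapshot directory and return it."""
    if snapshots.resolve().is_relative_to(workspace.resolve()):
        raise ValueError("snapshot directory must live outside the workspace")
    snapshots.mkdir(parents=True, exist_ok=True)
    n = sum(1 for p in snapshots.iterdir() if p.is_dir())
    dest = snapshots / f"snap-{n:04d}"
    shutil.copytree(workspace, dest)
    return dest


def gate(cmdline: str, workspace: Path, snapshots: Path):
    """Validate a command; snapshot first if it can modify the workspace."""
    argv = check_command(cmdline)
    snap: Optional[Path] = None
    if Path(argv[0]).name in MUTATING:
        snap = snapshot_workspace(workspace, snapshots)
    return argv, snap


def run_agent_command(cmdline: str, workspace: Path, snapshots: Path):
    """Gate, then execute argv directly (no shell) inside the workspace."""
    argv, _ = gate(cmdline, workspace, snapshots)
    return subprocess.run(argv, cwd=workspace, shell=False,
                          capture_output=True, text=True, timeout=30)


def demo() -> dict:
    """Walk the gate through a constructed temporary workspace."""
    with tempfile.TemporaryDirectory() as tmp:
        workspace, snapshots = Path(tmp) / "workspace", Path(tmp) / "snapshots"
        workspace.mkdir()
        (workspace / "README.md").write_text("constructed sample file\n")
        argv, snap = gate("touch notes.txt", workspace, snapshots)
        return {
            "argv": argv,
            "snapshot_taken": snap is not None and (snap / "README.md").exists(),
            "read_only_skips_snapshot": gate("ls", workspace, snapshots)[1] is None,
            "rm_refused": is_refused("rm -rf ."),
        }


if __name__ == "__main__":
    print(demo())
```

The gate hands argv straight to `subprocess.run` with `shell=False`, so the tokens it inspected are exactly what gets executed; the metacharacter check is there so a token such as `$(rm -rf .)` is refused rather than silently passed as a literal argument. Snapshots are plain directory copies to keep the example dependency-free; the VM isolation the comment describes is outside the gate and is assumed to be provided by the environment.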
Honestly those measures were the standard for me way before LLMs were a thing. Those who have broad permissions to production or when their machine were asking for this to happen, no agents required.