Hacker News new | past | comments | ask | show | jobs | submit login

I think that people are just not ready for the sort of novel privilege escalation we are going to see with over-provisioned agents. I suspect that we will need OS level access gates for this stuff, with the agents running in separate user spaces. Any recommended best practices people are establishing?



The hard part is stopping it leaking all the information that you've given it. An agent that can read and send emails can leak your emails, etc. One agent that can read emails can prompt inject a second agent that can send emails. Any agent that can make or trigger GET requests can leak anything it knows. An agent that can store and recall information can be prompt injected to insert a prompt injection into its own memory, to be recalled and triggered later.


At what point does the impact of the privacy panopticon outweigh the benefit they provide?


> I think that people are just not ready for the sort of novel privilege escalation we are going to see with over-provisioned agents.

I think every single person saw this coming.

> Any recommended best practices people are establishing?

What best practices could there even be besides "put it in a VM"? It's too easy to manipulate.


There are VM escapes so even if you put it in a VM that's no guarantee.

I'd say run it on a separate box but what difference does that makes if you feed the same data to them?


If VM escapes were a big problem the cloud would not be a thing.

But on that note that's probably the best place to run these things.


Applying the Principle of Least privilege [1] you should not let this system download from arbitrary sites and maintain a blacklist. I don't think the field has advanced to the point of having one specific to this use case.

[1] https://en.wikipedia.org/wiki/Principle_of_least_privilege


One of my first thoughts when I saw Computer Use was it needs some secondary agent controlling what the controlled computer is able to do or connect to. Like a firewall configuration agent or something.


Maybe do not pipe matrix math into your shell?


When the underlying black-box is so unreliable, almost any amount of provisioning could be too much.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: