Hacker News new | ask | show | jobs
by rvz 267 days ago
Fundamentally, there is no difference. Blocking syscalls in a Docker container is nothing new and one of the ways to achieve "sandboxing" and can already be done right now.

The only thing that caught people's attention was that it was applied to "AI Agents".
1 comments
kjok 267 days ago
What is so fundamentally different for AI agents?
link
rvz 267 days ago
Other than the current popular thing which is "AI agents", like all programs, it changes absolutely nothing.
link
Yoric 267 days ago
The fact that the first thing people are going to do is punch holes in the sandbox with MCP servers?
link