by ratnaditya 122 days ago
The kernel-level approach is the right answer for protecting the host from the agent — Landlock and Seatbelt give you deterministic enforcement that the LLM can't reason its way around. What I find interesting is the complementary layer above this: even with a perfect sandbox, you still need application-level policy for what the agent is allowed to do within its permitted scope. A sandboxed agent can still send all your emails or delete all your files if those operations are within its allowed syscalls. The two layers solve different problems and both seem necessary.
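The two-layer split the comment describes, as an added example that is not part of the post or of any project it mentions. The kernel layer (a Landlock or Seatbelt ruleset) is stood in for by a lexical path-confinement check so the code runs anywhere; the application layer is a small tool-call policy with a recipient allowlist and per-session budgets. The workspace root `/work`, the tool names, the budgets and the action list are all constructed for the example.

```python
"""Two-layer control over an LLM agent's tool calls.

Layer 1 (sandbox): may the agent touch this path at all?  In production this
is a kernel ruleset (Landlock on Linux, Seatbelt on macOS); here it is
modelled as a path-confinement check so the example runs offline.

Layer 2 (policy): of the actions the sandbox would permit, which ones do we
actually want the agent to perform, how often, and to whom?
"""
from dataclasses import dataclass, field
from pathlib import PurePosixPath


class Denied(Exception):
    """Raised by either layer when it refuses an action."""


def inside_sandbox(root: PurePosixPath, target: str) -> bool:
    """Stand-in for the kernel sandbox: allow only absolute paths that
    resolve (lexically, including '..') to root or something beneath it."""
    p = PurePosixPath(target)
    if not p.is_absolute():
        return False
    parts: list[str] = []
    for part in p.parts[1:]:
        if part == "..":
            if parts:
                parts.pop()
        elif part not in ("", "."):
            parts.append(part)
    norm = PurePosixPath("/", *parts)
    return norm == root or root in norm.parents


@dataclass
class AgentPolicy:
    """Application-level policy: limits inside the sandbox's permitted scope."""
    sandbox_root: PurePosixPath
    email_allowlist: frozenset
    max_deletes: int          # per-session budget, a blast-radius cap
    max_emails: int
    deletes: int = 0
    emails: int = 0
    audit: list = field(default_factory=list)

    def check_delete(self, path: str) -> None:
        # Layer 1 first: a path outside the sandbox never reaches policy.
        if not inside_sandbox(self.sandbox_root, path):
            raise Denied(f"sandbox: {path} is outside {self.sandbox_root}")
        # Layer 2: the sandbox would allow this delete; policy may still not.
        if self.deletes >= self.max_deletes:
            raise Denied("policy: delete budget exhausted for this session")
        self.deletes += 1
        self.audit.append(("delete", path))

    def check_email(self, recipient: str) -> None:
        # Sending mail is never a syscall-level distinction; only policy sees it.
        if recipient.lower() not in self.email_allowlist:
            raise Denied(f"policy: recipient {recipient} is not on the allowlist")
        if self.emails >= self.max_emails:
            raise Denied("policy: email budget exhausted for this session")
        self.emails += 1
        self.audit.append(("email", recipient))


def make_policy() -> AgentPolicy:
    """Constructed settings for the example (hypothetical workspace /work)."""
    return AgentPolicy(
        sandbox_root=PurePosixPath("/work"),
        email_allowlist=frozenset({"team@example.com"}),
        max_deletes=2,
        max_emails=1,
    )


# Constructed sequence of tool calls an agent might attempt.
SAMPLE_ACTIONS = [
    ("delete", "/work/notes/draft1.md"),
    ("delete", "/work/notes/draft2.md"),
    ("delete", "/work/notes/draft3.md"),   # inside the sandbox, over the budget
    ("delete", "/work/../etc/passwd"),     # escapes the sandbox root
    ("email", "team@example.com"),
    ("email", "attacker@example.net"),     # sandbox is silent; policy refuses
]


def simulate(actions, policy: AgentPolicy):
    """Run each action through both layers; return (allowed, denied)."""
    allowed, denied = [], []
    for kind, arg in actions:
        try:
            if kind == "delete":
                policy.check_delete(arg)
            elif kind == "email":
                policy.check_email(arg)
            else:
                raise Denied(f"policy: unknown tool {kind}")
            allowed.append((kind, arg))
        except Denied as exc:
            denied.append((kind, arg, str(exc)))
    return allowed, denied


if __name__ == "__main__":
    ok, refused = simulate(SAMPLE_ACTIONS, make_policy())
    for item in ok:
        print("ALLOW", item)
    for item in refused:
        print("DENY ", item)
```

The point the run makes: the `/etc/passwd` escape is the only action the sandbox layer catches. The third delete and the mail to an unlisted recipient are perfectly legal at the syscall level and are stopped only by the policy layer, which is why the two layers are not interchangeable.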