by uchibeke
102 days ago
Pattern matching is a good start — catching curl | bash before it runs is real value. The hard problem is what happens when the pattern is legitimate but the context isn't: the agent has permission to read files, but not these files, not right now, not without a human in the loop. We ran into this building APort. Blocklists catch the obvious bad stuff but can't express "this tool call is fine for this agent in this workflow, but not from an untrusted prompt chain." That requires identity + policy, not just pattern detection. Happy to compare notes — the category needs more tools like this.