by codingdave 86 days ago
Don't give it root access.

That answer hasn't changed since day one of LLMs, despite some of the things people are attempting to build these days: If you don't want to get in trouble, don't give LLMs access to anything that can cause actual harm, nor give them autonomy.

1 comment

Sure, that works today. But Meta is cutting 20% of its workforce. So is everyone else. The whole bet is that agents replace human work - and that only works if they can actually do things. Deploy, access databases, call APIs.

"Don't give it access" is like saying "don't connect to the internet" in 1995. The question isn't whether agents get these permissions. They will. The question is what happens when they do.

Let's see how well it works for them. Apparently Salesforce had been a bit overly enthusiastic about layoffs, and recently had to backtrack.
"Don't connect to the internet" also remains a solid piece of advice for securing your computing resources.

It really doesn't matter what companies are doing. There are some sensible basic practices that make things secure. If people choose not to do those things, for whatever reason, shit will happen.

What you might want to look into is risk management practices. That is where decisions are made about which risks, consequences, and mitigations best balance business needs against technical constraints.