[txprog]

This is why kernel-level sandboxing matters. I use a sandbox name greywall that enforce filesystem/network isolation at the syscall level (Landlock + Seccomp + eBPF on linux, sandbox-exec on mac).

I do disagree about unix system were designed for this kind of stuff. Unix was not designed for an agent to act like you and take decision for you...

[gadflyinyoureye]

I think it depends on your philosophical approach to agency or personas. Unix groups allowed individuals to share directories with various levels of access. The assumption was those were people. Agents are philosophically people in so far as they exercise agency. They can do things via the file system. They are just non organic agents. The basic Unix permission system can still work with them.

[throwatdem12311]

The entire Von Neumann architecture is not suitable for agents.

Putting data and instructions in the same memory was always a bad idea - LLMs just took this to the extreme by making data and instructions the same thing.