Hacker News
by neilv 57 days ago
I bet you're right. This is one kind of thing you need a meticulous programmer to do. But instead, I'd guess most AI-dogfooding engineering organizations in the near future will be taking a vibe-code-it-and-AI-red-team-it approach.

I don't trust sandbox claims from those companies, and only run CLI-ish code on workstation inside a full VM (not even a container).

1 comments

> not even a container

Genuinely curious, what specific threats are you thinking about when you make this choice?

Mainly routine software supply chain attacks to unexamined dependencies pulled in by a mess of vibe-coding.

(Though it would also give some protection against growth hacking or kludge expedience that goes a little too naughty. We're already seeing some questionable behavior there, as some rush to get their functionality working first.)

Since containers are for fairly trusted code, and relatively easy to break out of, compared to a good VM.