[Arcuru]

I run a home-grown 'Agent' by just making a local user on my linux box. I treat it like an untrusted local user, I only give it scoped API keys, and manage permissions just like any other thing. I have a NixOS machine and I have the Agent setup to just use home-manager to manage itself and its timers and deps and stuff inside its own config.

It would be insane to run a full fledged Agent from your own accounts, with the same access as yourself. At the same time running it fully scoped inside a container/VM seemed a little bit too heavy handed to me and the Agent-as-user seems like a better fit for me right now. (I did run my coding agents inside a microVM for a while but ran into a few too many annoyances)

[cyanydeez]

arent the recent RCE vulnerabilities the agent as user equally vulnerable to, just way more obscured. id be curious if someone has tried a prompt injection form of attack.

its kinda amusing to think if something like mythos actually is a competent malware expert, then users of it could easily be vupnerable to prompt injection attacks.

[nullc]

Better to run a simple full virtual machine. It's easy to spin one up on any modern linux distro (okay, not as easy it is in Qubes-- only three mouse clicks, but still pretty easy).

There are many advantages of running it in a VM: really clean and strong sandboxing and it's easy to put that VM behind its own VPN / firewall external to the VM to reduce the escape risk.). It's also handy if you run a different distro than the agent ecosystem, since you can just run whatever OS works best for the agent.

[souvik1997]

What were the annoyances you faced?