by shevy-java
12 days ago
Ok but in this case the problem wasn't the AI agent - the AI agent merely took advantage of this prior problem in the first place. For instance, if docker group were not superuser-like, that issue could not have happened.

> Nothing short of sandboxing everything or just never using AI agents

But the problem was not the AI agent. Sandboxing is quite neat though; I remember on GoboLinux the idea of AlienFS to have every application run in a sandboxed manner, so it would only see other programs it needs, but never more than that. I consider it a better engineering focus to have this as a minimal layer, even outside of security-related concerns.