turnsout 5 hours ago
Honestly it sounds like they went above and beyond. Does this solve the trifecta, or is the network still exposed via connectors?
simonw 3 hours ago
Looks like the Ubuntu VM sandbox locks down access to an allow-list of domains by default - it can pip install packages but it couldn't access a URL on my blog. That's a good starting point for lethal trifecta protection but it's pretty hard to have an allowlist that doesn't have any surprise exfiltration vectors - I learned today that an unauthenticated GET to docs.google.com can leak data to a Google Form! https://simonwillison.net/2026/Jan/12/superhuman-ai-exfiltra... But they're clearly thinking hard about this, which is great.