YaeGh8Vo 9 hours ago

In my experience, a simple bubblewrap (Linux) or sandbox-exec (macOS) is probably enough and also much less overhead. LLM agents are not exploiting kernels to get out of the sandbox. The most common issues are them trying to open PRs, or changing files where they shouldn't.

- https://github.com/numtide/claudebox
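As an added example of the kind of lightweight confinement the comment above describes (this is not code from the thread or from claudebox), the POSIX shell function below wraps an agent's command in bubblewrap so that the only writable location is one project checkout, the home directory is replaced by an empty tmpfs (so SSH keys and CLI tokens are out of reach), and there is no network, which is what prevents the agent from pushing branches or opening PRs. The function name `sandbox_run`, the `DRY_RUN` switch and the assumption that the agent's command is passed as arguments are mine; the bwrap flags are the standard ones from the bubblewrap man page.

```shell
#!/bin/sh
# Added example, not from the thread: confine an agent's command with bubblewrap.
# Assumptions (mine): PROJECT is the agent's checkout and the only thing it may
# modify; credentials live under $HOME; the agent command follows PROJECT.
#
# sandbox_run PROJECT CMD [ARGS...]
# Builds the bwrap invocation and execs it. With DRY_RUN=1 it prints the
# argument list one per line instead of running, so it can be inspected.
sandbox_run() {
    project=$1; shift
    home=${HOME:-/root}
    set -- bwrap \
        --ro-bind / / \
        --tmpfs "$home" \
        --bind "$project" "$project" \
        --dev /dev \
        --proc /proc \
        --tmpfs /tmp \
        --unshare-all \
        --die-with-parent \
        --new-session \
        --chdir "$project" \
        -- "$@"
    # --ro-bind / /       whole host filesystem visible but read-only
    # --tmpfs $HOME       empty home: ~/.ssh, ~/.config/gh, token files are gone
    # --bind PROJECT      mounted after the tmpfs, so the checkout stays writable
    #                     even when it lives under $HOME
    # --unshare-all       fresh user/pid/net/ipc/uts namespaces: no network at all
    # --die-with-parent   sandbox dies with the wrapper, nothing lingers
    # --new-session       separate session, so the child cannot push keystrokes
    #                     back into the parent's terminal
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
        return 0
    fi
    command -v bwrap >/dev/null 2>&1 || { echo "bwrap not installed" >&2; return 127; }
    exec "$@"
}

# Usage (from a script): sandbox_run "$PWD" sh -c 'your agent command here'
# Inspect without running: DRY_RUN=1 sandbox_run "$PWD" true
```

If the agent legitimately needs package downloads, replace `--unshare-all` with the individual `--unshare-*` flags minus the network one and put a proxy in front of it; the point of the default above is that "opening a PR" is simply impossible from inside, which is the failure mode the comment calls most common.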

rvz 8 hours ago | parent [-]

> LLM agents are not exploiting kernels to get out of the sandbox.

You can't assume that.

Attackers with LLMs have enough capabilities to engineer them to build exploits for kernel vulnerabilities [0] or to bypass sandboxes to exfiltrate data [1] in covert ways.

It is completely possible to craft a chained attack for an agent to bypass sandboxes even with or without a kernel exploit.

From [0] and [1]

[0] https://sean.heelan.io/2026/01/18/on-the-coming-industrialis...

[1] https://www.promptarmor.com/resources/claude-cowork-exfiltra...