Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
WhyNotHugo 3 hours ago

You use YOLO mode inside some sandbox (VM, container). Give the container only access to the necessary resources.

jdkoeck an hour ago | parent | next [-]

But even then, the agent can still exfiltrate anything from the sandbox, using curl. Sandboxing is not enough when you deal with agents that can run arbitrary commands.

TheDong 40 minutes ago | parent | next [-]

It depends on what you're trying to prevent.

If your fear is exfiltration of your browser sessions and your computer joining a botnet, or accidental deletion of your data, then a sandbox helps.

If your fear is the llm exfiltrating code you gave it access to then a sandbox is not enough.

I'm personally more worried about the former.

jdkoeck 12 minutes ago | parent [-]

Code is not the only thing the agent could exfiltrate, what about API keys for instance? I agree sandboxing for security in depth is good, but it’s not sufficient and can lull you into a false sense of security.

philipp-gayret an hour ago | parent | prev [-]

That depends on how you configure or implement your sandbox. If you let it have internet access as part of the sandbox, then yes, but that is your own choice.

jdkoeck 3 minutes ago | parent [-]

Internet access is required to install third party packages, so given the choice almost no one would disable it for a coding agent sandbox.

In practice, it seems to me that the sandbox is only good enough to limit file system access to a certain project, everything else (code or secret exfiltration, installing vulnerable packages, adding prompt injection attacks for others to run) is game if you’re in YOLO mode like pi here.

Maybe a finer grained approach based on capabilities would help: https://simonwillison.net/2025/Apr/11/camel/

jFriedensreich 36 minutes ago | parent | prev [-]

apart from nearly no one using vms as far as i can tell, even if they were, a vm does not magically solve all the issues, its just a part of the needed tools.