Agentic workloads create and then run code. You don't want to just run that code in a "normal" environment like a container, or even a very well protected VM. There are other options, ofc - eg. gvisor, crossvm, firecracker, etc, but this one is uncommon enough to have a small number of attackers trying to hack it.

▲

srdjanr 5 hours ago | parent [-]

What's wrong with a well protected VM? Especially compared to something where the security selling point is "no one uses it" (according to your argument; I don't know how secure this actually is)

▲

g947o 4 hours ago | parent [-]

Nothing, but "there are already working options" does not necessarily mean we shouldn't try new (and sometimes weird) things

	▲	cloudfudge 2 hours ago \| parent \| next [-]
		GP says "You don't want to just run that code in ... even a very well protected VM." Why?
	▲	TacticalCoder 2 hours ago \| parent \| prev [-]
		Yeah but GP was answering to a comment saying "you don't want to run code in a well protected VM". Which is of course complete non sense to say and GP was right to question it.