josh_p 2 hours ago
A lot of the commenters here say they’re running Claude or other harnesses inside a VM or with various permissions and levels of access. Am I weird or missing something, using pi as my regular harness with gpt models or kimi in essentially yolo mode with mostly all system access? I haven’t experienced negative consequences of this... yet... and I don’t know if I will. I don’t think I’m ever letting an agent run for more than 5 minutes before it’s done with the current small task.
bob1029 2 hours ago | parent
I run totally unprotected with gpt5.4/5. I've been through thousands of dollars' worth of API tokens through both copilot and custom harnesses that have local admin and arbitrary powershell access. I've never seen anything that could even remotely be construed as malicious. I see a lot of people making a really big deal about safety and sandboxing while I'm busy getting shit done. If you can't handle your current source code checkout getting screwed up by a bad prompt, that's on you 1000%. Source control is the answer for anything that is information over time. Unless you intentionally try to make a scene, these models aren't going to go fuck with your system shell or do anything you couldn't recover from in a few minutes. Connecting chatgpt to the enterprise sql server as sysadmin is not what I'm advocating for. This is another example of "on you, not the AI". There's a tiny amount of nuance you can apply at the edges that makes it easy to allow broad access with negligible risk.
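What that "tiny amount of nuance at the edges" can look like in practice, as an added example that is not from the thread and not code from pi, Copilot or any other harness mentioned in it: a wrapper for an agent's shell tool that takes a git checkpoint of the whole working tree before each command (so "recover in a few minutes" is one call) and refuses only the handful of commands git cannot roll back, such as privilege escalation, a recursive delete outside the repo, a force push, or an admin login to a database server. It assumes a POSIX shell and `git` on `PATH`; the deny-list entries, the `refs/agent-checkpoints/` ref namespace and all function names are my own choices, not anything the thread describes.

```python
"""Edge guard for an agent's shell tool: a git checkpoint before each command so
a bad prompt costs minutes, plus a short deny list for the few actions git can't
undo. Added example, not code from the thread or any named harness. The rules are
a constructed starting point, and a deny list is a tripwire, not a sandbox."""
import os
import re
import shlex
import subprocess
from typing import Optional

WHOLE_LINE_RULES = [  # checked against the whole command line (the pipe is the point)
    (r"^(curl|wget)\s.*\|\s*(sh|bash)(?!\S)", "piping a remote script into a shell"),
]
# Checked per segment after splitting on ; | && ||, so "pytest && sudo ..." is caught.
SEGMENT_RULES = [
    (r"^(sudo|doas)\s", "privilege escalation"),
    (r"^git\s+push\b.*\s(-f|--force)(?!\S)", "force push rewrites shared history"),
    (r"^git\s+(reflog\s+expire|prune\b|gc\b.*--prune)", "expires git's own undo buffer"),
    (r"^(sqlcmd|psql|mysql)\b.*\s-[uU]\s*(sa|postgres|root)(?!\S)",
     "admin login to a database server"),
]
_SPLIT = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")
_RM_TARGETS = {"/", "/*", "~", "~/", "$HOME", "$HOME/"}  # beyond git's reach

def _rm_outside_repo(tokens):  # rm with a recursive flag aimed at / or $HOME
    if not tokens or tokens[0] != "rm":
        return False
    flags = [t for t in tokens[1:] if t.startswith("-")]
    recursive = "--recursive" in flags or any(
        not f.startswith("--") and ("r" in f or "R" in f) for f in flags)
    return recursive and any(t in _RM_TARGETS for t in tokens[1:] if t not in flags)

def deny_reason(command: str) -> Optional[str]:
    """Return why the command is refused, or None if it may run."""
    for regex, reason in WHOLE_LINE_RULES:
        if re.search(regex, command):
            return reason
    for segment in _SPLIT.split(command.strip()):
        for regex, reason in SEGMENT_RULES:
            if re.search(regex, segment):
                return reason
        try:
            tokens = shlex.split(segment)
        except ValueError:
            return "unbalanced quoting"
        if _rm_outside_repo(tokens):
            return "recursive delete outside the repo"
    return None

def _git(repo: str, *args: str, env: Optional[dict] = None) -> str:
    return subprocess.run(["git", "-C", repo, *args], check=True,
                          capture_output=True, text=True, env=env).stdout.strip()

def checkpoint(repo: str) -> str:
    """Snapshot the working tree (tracked and untracked) as a commit kept under
    refs/agent-checkpoints/, using a scratch index so the user's own is untouched."""
    scratch = os.path.join(_git(repo, "rev-parse", "--absolute-git-dir"), "agent-index")
    env = {**os.environ, "GIT_INDEX_FILE": scratch}
    try:
        _git(repo, "add", "-A", "--", ".", env=env)
        tree = _git(repo, "write-tree", env=env)
    finally:
        if os.path.exists(scratch):
            os.remove(scratch)
    head = subprocess.run(["git", "-C", repo, "rev-parse", "-q", "--verify", "HEAD"],
                          capture_output=True, text=True).stdout.strip()
    sha = _git(repo, "commit-tree", tree, *(["-p", head] if head else []),
               "-m", "agent checkpoint")
    _git(repo, "update-ref", f"refs/agent-checkpoints/{sha[:12]}", sha)
    return sha

def restore(repo: str, sha: str) -> None:
    """Back to the checkpoint: files the agent created since are removed, ignored files stay."""
    _git(repo, "restore", "--source", sha, "--worktree", "--staged", "--", ".")
    _git(repo, "clean", "-fd")  # checkpoint files are all indexed now, so they survive
    _git(repo, "reset", "-q")   # then unstage, back to how the index looked before

def run_agent_command(repo: str, command: str) -> tuple:
    """Gate, checkpoint, execute; returns (sha to hand to restore(), exit status)."""
    reason = deny_reason(command)
    if reason:
        raise PermissionError(f"denied ({reason}): {command}")
    sha = checkpoint(repo)
    return sha, subprocess.run(command, shell=True, cwd=repo).returncode

if __name__ == "__main__":  # self-contained demo in a throwaway repo
    import tempfile
    repo = tempfile.mkdtemp(prefix="agent-demo-")
    _git(repo, "init", "-q")
    for key, value in (("user.email", "demo@example.invalid"), ("user.name", "demo")):
        _git(repo, "config", key, value)
    with open(os.path.join(repo, "app.py"), "w") as f:
        f.write("print('v1')\n")
    _git(repo, "add", "app.py")
    _git(repo, "commit", "-q", "-m", "v1")
    sha, _ = run_agent_command(repo, "echo broken > app.py && touch junk.txt")
    print("after agent:  ", _git(repo, "status", "--short").replace("\n", ", "))
    restore(repo, sha)
    print("after restore:", _git(repo, "status", "--short") or "clean")
```

Two design points matter here. The checkpoint carries the weight, not the list: a string-matched deny list only catches what it names, and `sh -c '...'`, a heredoc, or `python -c "import shutil; ..."` walk straight past it, which is exactly why the snapshot is taken for every command rather than only for suspicious ones. The checkpoints are written as real refs, so `git gc` keeps them and `git log refs/agent-checkpoints/<id>` shows what each task started from; the list is simply where the "enterprise SQL server as sysadmin" line from the comment gets drawn in code.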