HarHarVeryFunny 2 hours ago

If you're using a coding agent then obviously you need to either serve the model yourself or trust whoever you are sending your data to.

In terms of WHAT you need to be concerned about, it seems it goes far beyond code, and far beyond having to trust your model provider.

A coding agent with access to a bash tool is going to have access to anything that a human with a bash prompt would, and even if you try to provide a nailed-down sandbox environment for the agent, you still need to be concerned about things like unencrypted passwords and keys that it may be able to find "lying around" in code or databases/etc. it has access to.

I'm surprised there haven't yet been more widely disseminated stories about coding agents and claw-bots wreaking havoc.
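An added example, not part of the comment above: one practical response to the "keys lying around" point is to sweep the agent's workspace for plaintext credentials before the agent gets its bash tool, using the same filesystem access the agent will have. The scanner below is illustrative, not a real project's code; its rule list, entropy threshold and the sample workspace it builds are all constructed for the demonstration (the AWS key in it is the AWS documentation example key, not a live credential).

```python
"""Pre-flight secret sweep of a coding agent's workspace (added example).

Walks a directory the way an agent's bash tool could, flags lines that look
like credentials, and reports path:line so they can be moved out before the
agent starts. Rules are a short illustrative set, not an exhaustive scanner.
"""
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Illustrative rule set (assumption: real scanners ship hundreds of rules).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"^\s*[A-Z0-9_]*(?:PASSWORD|PASSWD|SECRET|TOKEN)\s*=\s*['\"]?[^\s'\"]+",
        re.IGNORECASE),
    "url_with_password": re.compile(r"\b[a-z][a-z0-9+.-]*://[^:/\s@]+:[^@/\s]+@\S+"),
}
TOKEN_RUN = re.compile(r"[A-Za-z0-9+/=_-]{32,}")   # candidate opaque tokens
ENTROPY_THRESHOLD = 3.5   # bits/char; assumption, tune against your own codebase
SKIP_DIRS = {".git", "node_modules", "__pycache__"}
MAX_BYTES = 1_000_000     # skip huge/binary blobs


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str):
    """Yield (rule, line_no, snippet) for each suspicious line in text."""
    for line_no, line in enumerate(text.splitlines(), 1):
        hit = False
        for rule, pat in PATTERNS.items():
            if pat.search(line):
                yield rule, line_no, line.strip()[:80]
                hit = True
        if hit:
            continue
        # Fallback: long random-looking runs that no named rule recognised.
        for m in TOKEN_RUN.finditer(line):
            if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
                yield "high_entropy_string", line_no, m.group()
                break


def sweep(root: Path):
    """Walk root (as the agent's shell could) and collect findings as dicts."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = Path(dirpath) / name
            try:
                if path.stat().st_size > MAX_BYTES:
                    continue
                text = path.read_text(errors="ignore")
            except OSError:
                continue
            for rule, line_no, snippet in scan_text(text):
                findings.append({"path": str(path.relative_to(root)),
                                 "line": line_no, "rule": rule, "snippet": snippet})
    return findings


def build_sample_workspace(root: Path) -> None:
    """Write a constructed workspace with planted fake credentials."""
    (root / "src").mkdir(parents=True, exist_ok=True)
    (root / ".git").mkdir(exist_ok=True)
    (root / ".git" / "config").write_text("[core]\n\trepositoryformatversion = 0\n")
    (root / ".env").write_text(
        "DB_PASSWORD=hunter2\n"
        "DATABASE_URL=postgres://app:hunter2@db.internal:5432/app\n"
        "BILLING_API=tok_51H8x2KqZ9vLmN3pR7tW0yB4cD6fG8jK1vX\n")  # constructed token
    (root / "config.json").write_text(
        '{\n  "region": "us-east-1",\n  "aws_access_key_id": "AKIAIOSFODNN7EXAMPLE"\n}\n')
    (root / "id_rsa").write_text(
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "b3BlbnNzaC1rZXktdjEAAAAA (constructed, truncated)\n"
        "-----END OPENSSH PRIVATE KEY-----\n")
    (root / "notes.txt").write_text("TODO: rotate credentials quarterly; see the runbook.\n")
    (root / "src" / "app.py").write_text(
        "import os\n\ndb = connect(os.environ['DB_PASSWORD'])  # read at runtime, not hard-coded\n")


def demo():
    """Build the constructed workspace in a temp dir, sweep it, return findings."""
    root = Path(tempfile.mkdtemp(prefix="agent-ws-"))
    build_sample_workspace(root)
    return sweep(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['path']}:{f['line']}  [{f['rule']}]  {f['snippet']}")
```

Running it reports the `.env` password, the connection string with an embedded password, the opaque billing token (caught only by the entropy fallback), the AWS key in `config.json` and the private key file, while `notes.txt`, `src/app.py` and `.git/` stay quiet. The named rules are cheap and precise; the entropy fallback is what catches tokens no rule knows about, at the cost of false positives on hashes and minified assets, which is why the threshold is something to tune rather than a constant to trust.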