It seems insane to me that so many people are OK with this. Why is it necessary for an agent to upload every bit of data it sees to OpenAI at all? Particularly if my agents can’t remember anything beyond a single session, why should the data exist permanently anywhere but in its original location?
reply
> Why is it necessary for an agent to upload every bit of data it sees to OpenAI at all?

The LLM is running at OpenAI. The agent doesn't see anything that doesn't get sent to OpenAI.

It's like running a compiler in the cloud and asking why you need to send your source code to it when you only want the binary to be on your local PC. It's because that's where the processing is going on and it can't process what it can't see.

> why should the data exist permanently anywhere but in its original location?

Sure, they don't necessarily have to retain it permanently.

reply
What is your sandbox approach? Any good guides? Something about asking an LLM for advice on how to sandbox LLMs...
reply
I use this: https://github.com/kstenerud/yoloai

    yoloai new mysandbox .   # Create a sandbox
    yoloai attach mysandbox  # Attach the sandbox to the current terminal
    ... (^b^d to disconnect) # It's using tmux to keep the agent alive
    yoloai diff mysandbox    # See what the agent did
    yoloai apply mysandbox   # Apply its changes to your workdir
    yoloai destroy mysandbox # Tear the sandbox down
You can also make it run a prompt and block until it's done:

    yoloai run mysandbox . -p "read issue https://github.com/kstenerud/yoloai/issues/190 and fix it"
    yoloai diff mysandbox
    yoloai apply mysandbox
    yoloai destroy mysandbox
reply
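The new/run/diff/apply loop above, reduced to its filesystem half as an added example (my code, not yoloai's; yoloai also runs the agent in a container under tmux, which this stand-in omits): the agent works in a throwaway copy of the work directory, its environment is scrubbed so the caller's secrets are not inherited, and the diff/apply step is the only path back into the real tree. The two-file work tree and the shell one-liner standing in for the agent in `demo()` are constructed for the example.

```python
"""Snapshot / run / diff / apply loop for an untrusted coding agent.

Added example, not yoloai's code. yoloai keeps the agent alive in tmux
inside a container; this stand-in isolates only the work tree: the agent
runs in a throwaway copy, and nothing reaches the real directory until a
human has read the diff and chosen what to apply.
"""
from __future__ import annotations

import hashlib
import os
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Optional


def sandbox_new(workdir: Path) -> Path:
    """Copy workdir into a fresh temp dir the agent may scribble on."""
    copy = Path(tempfile.mkdtemp(prefix="sbx-")) / "work"
    shutil.copytree(workdir, copy, symlinks=True)
    return copy


def sandbox_run(sandbox: Path, argv: list[str], timeout: int = 600) -> int:
    """Run the agent command inside the copy with a scrubbed environment, so
    the caller's API keys, SSH agent socket and dotfiles are not inherited."""
    env = {"PATH": "/usr/bin:/bin", "HOME": str(sandbox), "LANG": "C"}
    return subprocess.run(argv, cwd=sandbox, env=env, timeout=timeout).returncode


def _fingerprint(path: Path) -> tuple[str, str]:
    """Symlinks are compared by target and never followed; files by content."""
    if path.is_symlink():
        return ("link", os.readlink(path))
    return ("file", hashlib.sha256(path.read_bytes()).hexdigest())


def _tree(root: Path) -> dict[str, tuple[str, str]]:
    """Relative path -> fingerprint. Symlinked directories are not descended."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            p = Path(dirpath) / name
            entries[str(p.relative_to(root))] = _fingerprint(p)
    return entries


def sandbox_diff(workdir: Path, sandbox: Path) -> dict[str, list[str]]:
    """What the agent changed, as relative paths, before anything is applied."""
    before, after = _tree(workdir), _tree(sandbox)
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(r for r in common if before[r] != after[r]),
    }


def sandbox_apply(workdir: Path, sandbox: Path, diff: dict[str, list[str]],
                  allow: Optional[set[str]] = None) -> list[str]:
    """Copy reviewed changes back. With `allow` set, only those relative paths
    are applied; everything else the agent did stays in the sandbox."""
    def permitted(rel: str) -> bool:
        return allow is None or rel in allow

    applied = []
    for rel in diff["added"] + diff["modified"]:
        if not permitted(rel):
            continue
        dst = workdir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        if dst.is_symlink() or dst.exists():
            dst.unlink()
        # follow_symlinks=False: a symlink the agent planted is copied as a
        # link, not dereferenced into the real tree.
        shutil.copy2(sandbox / rel, dst, follow_symlinks=False)
        applied.append(rel)
    for rel in diff["removed"]:
        if permitted(rel):
            (workdir / rel).unlink()
            applied.append(rel)
    return applied


def sandbox_destroy(sandbox: Path) -> None:
    shutil.rmtree(sandbox.parent)


def demo() -> dict:
    """Constructed scenario: a two-file work tree, an 'agent' (a shell one-liner)
    that edits one file, adds one and deletes one, then a selective apply."""
    workdir = Path(tempfile.mkdtemp(prefix="work-"))
    (workdir / "a.txt").write_text("keep\n")
    (workdir / "c.txt").write_text("gone\n")
    sb = sandbox_new(workdir)
    rc = sandbox_run(sb, ["/bin/sh", "-c",
                          "echo added >> a.txt && echo new > b.txt && rm c.txt"])
    diff = sandbox_diff(workdir, sb)
    applied = sandbox_apply(workdir, sb, diff, allow={"a.txt", "b.txt"})
    result = {
        "rc": rc, "diff": diff, "applied": applied,
        "a": (workdir / "a.txt").read_text(),
        "b": (workdir / "b.txt").read_text(),
        "c_survives": (workdir / "c.txt").exists(),  # deletion was not allowed
    }
    sandbox_destroy(sb)
    shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    print(demo())
```

The `allow` set is the point of the apply step: the diff is a review artifact, and the reviewer decides per path what crosses back, so an agent that also deleted or rewrote something it should not have touched gets only the changes it was asked for merged.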
How could an agent bypass file permissions?
reply
By exploiting a root escalation.

Or just finding a file/dir you forgot to set a tight enough mode on (happens a lot in systems where the default is insecure).

reply
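For the second route, an added example written for this page rather than taken from the thread: an audit that walks a directory with `lstat` and reports the permissive modes an agent sharing the host could use (world-writable files, world-writable directories without the sticky bit, setuid/setgid executables, and secret-looking files readable by group or other). The secret-name list is a heuristic of mine, not a standard, and the tree that `demo()` scans is constructed.

```python
"""Find the loose modes a same-host agent could abuse.

Added example, not from the thread or any named tool. Symlinks are
reported by lstat() and never followed, so a planted link cannot pull
the scan outside the tree.
"""
import os
import shutil
import stat
import tempfile
from pathlib import Path
from typing import List, Tuple

# Heuristic assumption: names that usually hold credentials.
SECRET_NAMES = {".env", ".netrc", "id_rsa", "id_ed25519", "credentials"}
SECRET_SUFFIXES = (".pem", ".key")


def _looks_secret(name: str) -> bool:
    return name in SECRET_NAMES or name.endswith(SECRET_SUFFIXES)


def check_mode(rel: str, st: os.stat_result) -> List[str]:
    """Return the findings for one lstat() result (empty list = fine)."""
    m = st.st_mode
    findings: List[str] = []
    if stat.S_ISLNK(m):
        return findings  # the link itself carries no meaningful mode
    if stat.S_ISDIR(m):
        if m & stat.S_IWOTH and not m & stat.S_ISVTX:
            findings.append("world-writable dir without sticky bit")
        return findings
    if m & stat.S_IWOTH:
        findings.append("world-writable file")
    if m & (stat.S_ISUID | stat.S_ISGID) and m & stat.S_IXUSR:
        findings.append("setuid/setgid executable")
    if _looks_secret(os.path.basename(rel)) and m & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("secret readable by group/other")
    return findings


def audit_modes(root: Path) -> List[Tuple[str, str, List[str]]]:
    """(relative path, octal mode, findings) for every entry with a finding."""
    out = []
    for dirpath, dirs, files in os.walk(root, followlinks=False):
        for name in dirs + files:
            p = Path(dirpath) / name
            rel = str(p.relative_to(root))
            st = os.lstat(p)
            found = check_mode(rel, st)
            if found:
                out.append((rel, oct(stat.S_IMODE(st.st_mode)), found))
    return sorted(out)


def demo() -> List[Tuple[str, str, List[str]]]:
    """Constructed tree: one mistake of each kind beside two correct entries."""
    root = Path(tempfile.mkdtemp(prefix="audit-"))
    (root / ".env").write_text("OPENAI_API_KEY=example\n")  # placeholder value
    os.chmod(root / ".env", 0o644)        # readable by every user on the host
    (root / "scratch").mkdir()
    os.chmod(root / "scratch", 0o777)     # anyone can plant or replace files
    (root / "tmp").mkdir()
    os.chmod(root / "tmp", 0o1777)        # sticky bit set: fine
    (root / "helper").write_text("#!/bin/sh\n")
    os.chmod(root / "helper", 0o4755)     # setuid root-style helper
    (root / "run.sh").write_text("#!/bin/sh\n")
    os.chmod(root / "run.sh", 0o755)      # fine
    try:
        return audit_modes(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, mode, found in demo():
        print(rel, mode, ", ".join(found))
```

Run it against the directory the agent will be given, as the user the agent runs as, before the first session; the findings are exactly the files a same-uid agent needs no exploit to read or overwrite.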