vrn21Jan 28

Show HN: I Built a Sandbox for Agents

https://github.com/vrn21/bouvet.com

GitHub - vrn21/bouvet.com

Contribute to vrn21/bouvet.com development by creating an account on GitHub.

GitHub
Show threaddebarshriJan 28
Can someone elaborate with whats wrong with having containers for sandbox?
Show threadbinsquareJan 28

It's because containers share the kernel with the host. Generally it's just not considered a security boundary. (Note that containers have come a longer way in the security side btw)

So it's a mostly security thing.

Show threaddebarshriJan 28
But in the context of agents. Does it matter?
Show threadtptacekJan 28
Depends. Probably not usually. I've thought about this a bunch and I think the serious "threat" here isn't the agent acting maliciously --- though agents will break out of non-hardened sandboxes! --- but rather them exposing some vulnerability that an actual human attacker exploits.
Show threaddebarshriJan 28
This is a genuine concern. But this sounds a bit independent of the execution environment. It could either be containers or VMs.
Show threadtptacek

On a local machine, yeah, I think it's pretty situational. VMs are safer, but in risk management terms the win is sometimes not that significant.

In a multitenant cloud environment, of course, totally different story.

Jan 28 at 7:23pmWeb