You have an agent running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run an agent" because, while yes, I see your point, that doesn't mean it's not happening, and security professionals have to deal with what's happening, not what we want to be happening.)

@mjg59

1. Treat it as untrusted software.
2. To start, give it no permissions at all.
3. On a case-by-case basis, grant a single permission or access at a time.
4. Assume that anything you gave it access to is now public information.

Based on what I've seen of the discussion surrounding Claude, I'd likely set it up on physically separate hardware or a separate EC2 instance, using an isolated and permission-limited account.

Given the current state of this technology, I'm actively avoiding it.