Mathieu Virbel

@mathieuvirbel
2 Followers
16 Following
26 Posts
Working on AI agent sandboxing at greyhaven.co
Retired Kivy.org core dev
Modular music enthusiast
23 years in, still debugging
I'll be at Vivatech Paris for the next 4 days, dm me if you wanna talk about ai security and sandboxing!

Experimented with a FUSE filesystem sandbox for greywall. Gave up on Landlock, wanted dynamic rules and actual observability instead of a black box.

Rules are simple: "only git can touch .git/**". First match wins. Runs rootless, no sudo. Every file operation streams as JSONL.

No, Claude can't read your .env. But if it needs git? Fine, that's allowed. Per-caller semantics feel like the right direction for agent sandboxing.

#ai #linux #sandbox
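A small model of the rule semantics described in the post above, as an added example (not greywall's code, whose rule format and FUSE layer are not shown here). It assumes a rule is a (caller, path glob, allow/deny) triple, that `**` spans directories while `*` stays inside one path segment, that the first matching rule wins, that an unmatched path is denied, and that every decision is emitted as one JSON object per line.

```python
import json
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    caller: str     # process name that issued the file operation, or "*" for any caller
    path_glob: str  # workspace-relative path pattern
    allow: bool     # True = permit the operation, False = deny it


def _glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a glob into a regex: '**' crosses '/', '*' and '?' do not (assumed semantics)."""
    parts = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def evaluate(rules, caller: str, path: str):
    """First-match-wins lookup; returns (allowed, matching_rule). No match means deny."""
    for rule in rules:
        if rule.caller not in ("*", caller):
            continue
        if _glob_to_regex(rule.path_glob).match(path):
            return rule.allow, rule
    return False, None


# Constructed rule set in the spirit of "only git can touch .git/**":
# rule order matters, so the git-specific allow must precede the catch-all deny.
RULES = [
    Rule("git", ".git/**", allow=True),
    Rule("*", ".git/**", allow=False),
    Rule("*", ".env", allow=False),
    Rule("*", "src/**", allow=True),
]


class Sandbox:
    """Evaluates operations against the rules and streams each decision to a sink (JSONL)."""

    def __init__(self, rules, sink):
        self.rules = rules
        self.sink = sink  # called once per decision with a dict; the caller serialises it

    def check(self, caller: str, op: str, path: str) -> bool:
        allowed, rule = evaluate(self.rules, caller, path)
        self.sink({
            "caller": caller,
            "op": op,
            "path": path,
            "allowed": allowed,
            "rule": rule.path_glob if rule else None,  # None = fell through to default deny
        })
        return allowed


if __name__ == "__main__":
    # Each decision prints as one JSON line, mirroring the JSONL stream the post mentions.
    sandbox = Sandbox(RULES, lambda event: print(json.dumps(event)))
    sandbox.check("git", "open", ".git/config")      # allowed by rule 1
    sandbox.check("claude", "read", ".git/HEAD")     # denied by rule 2
    sandbox.check("claude", "read", ".env")          # denied by rule 3
    sandbox.check("claude", "write", "src/main.py")  # allowed by rule 4
    sandbox.check("claude", "read", "secrets/id")    # no rule matches: default deny
```

The reordering check at the end of the test is the point of "first match wins": put the blanket `.git/**` deny ahead of the git-specific allow and git loses access too, which is the kind of mistake an observable JSONL stream makes easy to spot.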

We shipped session-scoped network rules to greyproxy this week. Each profile now gets its own network layer, so your coding agent cannot accidentally use your browser's VPN credential. We also fixed DNS auto-detection to stop fighting with systemd-resolved. #Linux #AISecurity #SystemsProgramming

Experimenting with the idea of a "living sonic ecosystem" driven by computer activity. I'm looking at proxy traffic, CPU, and agent actions that can act as perturbations in a self-regulating audio world. My own audio landscape.

#creativecoding #generativeaudio #aurorai

I just finished testing greywall against major coding agents and various models to build a dataset for HTTP conversation reconstruction. It turns out Codex uses WebSockets for the OpenAI API. PR just merged, soon to be released! #greyproxy #codex #ai #greyhavenhq

I just proposed per-request middleware to greyproxy to handle dangerous LLM outputs. This demo shows a Python middleware intercepting and stripping a "halt system" command before it reaches the client. It works even with compressed responses.
https://asciinema.org/a/4vHZIHogMue4jMo7 #ai #llm #middleware
Link preview (asciinema.org): Greyproxy middleware - stripping dangerous command. Middleware in action: stripping dangerous commands from LLM responses. Demonstrates greyproxy's per-request HTTP middleware feature. A Python WebSocket middleware inspects LLM API responses in real-...

greyproxy now has a silent mode! It temporarily bypasses all ACL checks so every connection gets through. Think of it like Little Snitch's Allow/Deny All feature. Useful when you need to debug without approvals, then flip it back and check what tried to connect. #ai #security

We just launched on Product Hunt and would love your feedback: https://producthunt.com/products/greywall?launch=greywall

If you use Claude Code, Cursor, Codex, or any AI agent daily: have you ever actually looked at what your agent connects to? Curious what others are finding.

#ai #sandbox #producthunt

Link preview (Product Hunt): Greywall: Local agent sandbox with real-time network control dashboard. AI agents run on your machine, with your credentials, making network requests you never see. Greywall puts a deny-by-default layer in front of any CLI agent. Run greywall -- claude and it restricts file access, blocks outbound connections, and shows you a live dashboard of what the agent is trying to reach. You decide what to allow. Nothing is containerized. Your workflow stays the same but safer. It runs on Linux and macOS and costs nothing.

Linux + greywall: read .env, substitute placeholders live, write temp file, bind-mount into sandbox. Agent sees zero friction.

macOS? No bind mount. sandbox-exec doesn't support it. Looking at FUSE.

#sandboxing #ai #security

Just implemented credential protection in greyproxy. Instead of seeing real API key values, the agent gets opaque `greyproxy:credential:v1:xxx` placeholders.

The proxy swaps them back before forwarding upstream. Agent never touches the actual key. #greywall #greyproxy
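An added example of the two halves described in the Linux .env post and in the credential-protection post above: rewriting a .env file so the agent only ever sees placeholders, and swapping them back on the proxy side before a request goes upstream. This is not greyproxy's code; it assumes the placeholder format `greyproxy:credential:v1:<16 hex chars>`, a hypothetical `CredentialVault` that lives only in the proxy process, and an assumed extra rule that each credential is bound to one upstream host, so a placeholder that ends up in a request to any other host is refused rather than expanded. The secret and host values are constructed.

```python
import re
import secrets
from urllib.parse import urlsplit

# Assumed placeholder format (the post shows the prefix; the 16-hex-char handle is an assumption).
PLACEHOLDER_RE = re.compile(r"greyproxy:credential:v1:[0-9a-f]{16}")
ENV_LINE_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


class CredentialVault:
    """Hypothetical proxy-side store mapping opaque placeholders to real secrets."""

    def __init__(self):
        self._secrets = {}  # placeholder -> (real_value, allowed_upstream_host)

    def register(self, real_value: str, allowed_host: str) -> str:
        """Store a secret and hand back the placeholder the agent will see instead."""
        placeholder = f"greyproxy:credential:v1:{secrets.token_hex(8)}"
        self._secrets[placeholder] = (real_value, allowed_host)
        return placeholder

    def rewrite_env(self, env_text: str, host_for_key: dict) -> str:
        """Return .env content with protected values replaced by placeholders.

        host_for_key names which variables are credentials and which upstream host
        each one is valid for. Other lines pass through untouched, so the agent's
        tooling keeps working on the rewritten file.
        """
        out = []
        for line in env_text.splitlines():
            m = ENV_LINE_RE.match(line)
            if m and m.group(1) in host_for_key:
                placeholder = self.register(m.group(2), host_for_key[m.group(1)])
                out.append(f"{m.group(1)}={placeholder}")
            else:
                out.append(line)
        return "\n".join(out) + "\n"

    def substitute(self, text: str, upstream_host: str) -> str:
        """Expand placeholders in text destined for upstream_host; refuse unknown or mis-scoped ones."""
        def repl(match):
            entry = self._secrets.get(match.group(0))
            if entry is None:
                raise LookupError("unknown credential placeholder")
            real_value, allowed_host = entry
            if upstream_host != allowed_host:
                # Assumed host binding: the real key never leaves towards another destination.
                raise PermissionError(f"credential not valid for host {upstream_host!r}")
            return real_value
        return PLACEHOLDER_RE.sub(repl, text)

    def rewrite_request(self, url: str, headers: dict) -> dict:
        """Proxy hook: swap placeholders back in outbound headers just before forwarding."""
        host = urlsplit(url).hostname
        return {name: self.substitute(value, host) for name, value in headers.items()}


if __name__ == "__main__":
    vault = CredentialVault()
    # Constructed .env content; the key value is not a real credential.
    original_env = "API_KEY=sk-constructed-123\nDEBUG=1\n"
    agent_env = vault.rewrite_env(original_env, {"API_KEY": "api.provider.example"})
    print(agent_env, end="")  # this is what would be bind-mounted into the sandbox
    placeholder = agent_env.splitlines()[0].split("=", 1)[1]
    print(vault.rewrite_request("https://api.provider.example/v1/chat",
                                {"Authorization": f"Bearer {placeholder}"}))
```

The agent-facing file and every request the agent builds carry only the placeholder; the real value exists in the proxy's vault and in the rewritten outbound headers, so a leak of the agent's environment or logs exposes a handle the proxy can revoke rather than the key itself.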