It simply feels as if there is no de facto standard yet (there surely will be).
Once started down this path, I knew I was going to need something for isolated exec envs. I ended up building something I think is quite awesome on Dagger. Lets me run in containers without running containers, can get a diff or rewind history, can persist and share via any OCI registry.
So on one hand, I needed something and chose a technology that would offer me interesting possibilities, and on the other I wanted to have features I don't expect the likes of Microsoft to deliver with Copilot, only one of which is my sandbox setup.
I'm not sure I would call it rolling my own completely, I'm building on established technology (OCI, OCR).
I don't expect a standard to arise, OCI is already widely adopted and makes sense, but there are other popular techs and there will be a ton of reimplementations by another name/claim. The other half of this is that AI providers are likely to want to run and charge money for this, I personally expect more attempts at vendor lock-in in this space. For example, Anthropic bought Bun and I anticipate some product to come of this, isolation and/or canvas related.
The question is how easy is it to bypass these DIY 'sandboxes'?
As long as there is a full OS running, you are one libc function away from a sandbox escape.