Every week there’s a new story about an AI agent deleting something it shouldn’t have: local files, cloud documents, backups and so on. It feels like the DOS era all over again. The good news is that coding agents can be run more safely, in a sandbox. Here are the main techniques; more details to follow:
- run on a separate machine with a limited user and specific firewall rules
- mediate the agent’s calls through scripts that can only do the safe actions
- run in docker, mount only the project folder
- mount a tmpfs over the folders you don’t want the agent to access
- extract all your secrets from the code (need we say it?)
- add a second docker container that serves as network router to limit the actions of the agent; keep the agent container in a virtual network with the router container
- the router container can limit URLs, ports, and services
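As an added illustration of the docker, tmpfs and router points above (not from the original post), here is a Compose file that wires those pieces together. It assumes a hypothetical agent image built from ./agent, the project in ./project, Squid (the ubuntu/squid image) as the allowlisting router, and a Compose version that supports inline `content:` for configs.

```yaml
# docker-compose.yml (added example)
services:
  agent:
    build: ./agent                 # hypothetical image with the coding agent installed
    user: "1000:1000"              # run as a limited, non-root user
    working_dir: /work
    volumes:
      - ./project:/work            # only the project folder is mounted, nothing else
    tmpfs:
      # an empty tmpfs mounted over a subfolder shadows it: the agent sees an
      # empty directory and anything it writes there vanishes with the container
      - /work/secrets              # placeholder path for credentials kept out of reach
    environment:
      # the agent network has no direct egress (internal: true below), so the
      # only way out is through the router's proxy port
      HTTP_PROXY: http://router:3128
      HTTPS_PROXY: http://router:3128
      NO_PROXY: localhost,127.0.0.1
    cap_drop: [ALL]
    security_opt: ["no-new-privileges:true"]
    networks: [agentnet]

  router:
    image: ubuntu/squid            # squid acts as the allowlisting "router"
    configs:
      - source: squid_conf
        target: /etc/squid/squid.conf
    networks:
      - agentnet                   # reachable from the agent
      - default                    # the only side with real internet access

networks:
  agentnet:
    internal: true                 # no gateway to the outside world

configs:
  squid_conf:
    content: |
      http_port 3128
      acl SSL_ports port 443
      acl CONNECT method CONNECT
      # only these destinations are reachable; placeholders, adjust per project
      acl allowed_dst dstdomain .example-registry.test api.example-llm.test
      http_access deny CONNECT !SSL_ports
      http_access allow allowed_dst
      http_access deny all
```

Anything the agent tries to reach that is not on the Squid allowlist is refused at the proxy, and the access log on the router container is where you look to see what it attempted.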