They do sometimes. In case of Code Interpreter for example. You should use chat interface not treat it as terminal. So you shouldn't ask to change working directory or instal unauthorised python packages. If you ask for it it will tell you it is not allowed. But if you social engineer LLM to do it, it will do it.
No comments yet.