WingNews logo WingNews
top | item 46105169

(no title)

modernerd | 3 months ago

IDE = “I’ll delete everything”

…at least if you let these things autopilot your machine.

I haven’t seen a great solution to this from the new wave of agentic IDEs, at least to protect users who won’t read every command, understand and approve it manually.

Education could help, both in encouraging people to understand what they’re doing, but also to be much clearer to people that turning on “Turbo” or “YOLO” modes risks things like full disk deletion (and worse when access to prod systems is involved).

Even the name, “Turbo” feels irresponsible because it focusses on the benefits rather than the risks. “Risky” or “Danger” mode would be more accurate even if it’s a hard sell to the average Google PM.

“I toggled Danger mode and clicked ‘yes I understand that this could destroy everything I know and love’ and clicked ‘yes, I’m sure I’m sure’ and now my drive is empty, how could I possibly have known it was dangerous” seems less likely to appear on Reddit.

discuss

order

kahnclusions|3 months ago

I don’t think there is a solution. It’s the way LLMs work at a fundamental level.

It’s a similar reason why they can never be trusted to handle user input.

They are probabilistic generators and have no real delineation between system instructions and user input.

It’s like I wrote a JavaScript function where I concatenated the function parameters together with the function body, passed it to eval() and said YOLO.

viraptor|3 months ago

> I don’t think there is a solution.

Sandboxing. LLM shouldn't be able to run actions affecting anything outside of your project. And ideally the results should autocommit outside of that directory. Then you can yolo as much as you want.

raesene9|3 months ago

The solution I go for is, don't ever run a coding agent on a general purpose machine.

Use a container or VM, place the code you're working on in the container or VM and run the agent there.

Between the risk of the agent doing things like what happened here, and the risk of working on a malicious repository causing your device to be compromised, it seems like a bad plan to give them access to any more than necessary.

Of course this still risks losing things like the code you're working on, but decent git practices help to mitigate that risk.

theossuary|3 months ago

I really wish these agentic systems had built in support for spinning up containers with a work tree of the repo. Then you could have multiple environments and a lot more safety.

I'm also surprised at the move to just using shell commands. I'd think an equally general purpose tool with a more explicit API could make checking permissions on calls a lot more sensible.

matwood|3 months ago

> …at least if you let these things autopilot your machine.

I've seen people wipe out their home directories writing/debugging shell scripts...20 years ago.

The point is that this is nothing new and only shows up on the front page now because "AI must be bad".

agrounds|3 months ago

Superficially, these look the same, but at least to me they feel fundamental different. Maybe it’s because if I have the ability to read the script and take the time to do so, I can be sure that it won’t cause a catastrophic outcome before running it. If I choose to run an agent in YOLO mode, this can just happen if I’m very unlucky. No way to proactively protect against it other than not use AI in this way.