item 46105932

kahnclusions | 3 months ago

I don’t think there is a solution. It’s the way LLMs work at a fundamental level.

It’s for a similar reason that they can never be trusted to handle user input.

They are probabilistic generators and have no real delineation between system instructions and user input.

It’s as if I wrote a JavaScript function that concatenated its parameters with the function body, passed the result to eval(), and said YOLO.
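A minimal sketch of that analogy (the function and the injected string are hypothetical, just to show the failure mode):

```javascript
// A "trusted" template concatenated with untrusted user input, then
// executed wholesale -- eval() can't tell which part was the template
// and which part was the user. Same shape as system prompt + user prompt.
function runGreeting(userName) {
  const body = "console.log('Hello, " + userName + "');";
  return eval(body); // YOLO: user input is now code
}

runGreeting("world");                         // prints "Hello, world"
runGreeting("x'); console.log('pwned'); //"); // injected code runs too
```

The second call closes the string literal, appends its own statement, and comments out the rest — exactly the "no delineation between instructions and input" problem.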

viraptor | 3 months ago

> I don’t think there is a solution.

Sandboxing. An LLM shouldn't be able to run actions that affect anything outside of your project, and ideally nothing should be auto-committed outside of that directory. Then you can YOLO as much as you want.

smaudet | 3 months ago

The danger is that the people most likely to try to use it are the people most likely to misunderstand or anthropomorphize it, and to lack the requisite technical background.

I.e. this is just not safe, period.

"I stuck it outside the sandbox because it told me how, and it murdered my dog!"

That seems like a somewhat inevitable result of trying to misapply this particular control to it...

gausswho | 3 months ago

I've been using bubblewrap to sandbox my command-line executables, but I admit I haven't recently researched whether there's a newer way people are handling this. It seems Firejail is popular for GUI apps? How would you recommend sandboxing, say, Zed or Cursor?

dfedbeef | 3 months ago

If they're that unsafe, why use them? It's insane to me that we are all packaging up these token generators and selling them as highly advanced products when they are demonstrably not suited to the tasks. Tech has entered its quackery phase.