WingNews logo WingNews
top | item 46863375

(no title)

uxhacker | 27 days ago

So the question is can you do anything useful with the agent risk free.

For example I would love for an agent to do my grocery shopping for me, but then I have to give it access to my credit card.

It is the same issue with travel.

What other useful tasks can one offload to the agents without risk?

discuss

order

johnsmith1840|27 days ago

The solution is proxy everything. The agent doesn't have an api key, or yoyr actual credit card. It has proxies of everything but the actual agent lives in a locked box.

Control all input out of it with proper security controls on it.

While not perfect it aleast gives you a fighting chance when your AI decides to send a random your SSN and a credit card to block it.

zbentley|26 days ago

> with proper security controls on it

That's the hard part: how?

With the right prompt, the confined AI can behave as maliciously (and cleverly) as a human adversary--obfuscating/concealing sensitive data it manipulates and so on--so how would you implement security controls there?

It's definitely possible, but it's also definitely not trivial. "I want to de-risk traffic to/from a system that is potentially an adversary" is ... most of infosec--the entire field--I think. In other words, it's a huge problem whose solutions require lots of judgement calls, expertise, and layered solutions, not something simple like "just slap a firewall on it and look for regex strings matching credit card numbers and you're all set".

krainboltgreene|26 days ago

> The solution is proxy everything.

Who knew it'd be so simple.

stickfigure|26 days ago

Unfortunately I don't think this works either, or at least isn't so straightforward.

Claude code asks me over and over "can I run this shell command?" and like everyone else, after the 5th time I tell it to run everything and stop asking.

Maybe using a credit card can be gated since you probably don't make frequent purchases, but frequently-used API keys are a lost cause. Humans are lazy.

bretpiatt|26 days ago

The solution exists in the financial controls world. Agent = drafter, human = approver. The challenge is very few applications are designed to allow this, Amazon's 1-click checkout is the exact opposite. Writing a proxy for each individual app you give it access to and shimming in your own line of what the agent can do and what it needs approval is a complex and brittle solution.

sebmellen|27 days ago

With the right approval chain it could be useful.

jondwillis|27 days ago

The agent is tricked into writing a script that bypasses whatever vibe coded approval sandbox is implemented.

xXSLAYERXx|27 days ago

Imagine how specific you'd have to be to ensure you got the actual items on your list?

cgriswald|26 days ago

You won’t get them anyway because the acceptable substitutions list is crammed with anything they think they can get away with and the human fulfilling the order doesn’t want to walk to that part of the store. So you might as well just let the agent have a crack at it.