top | item 47044372

(no title)

ryanrasti | 13 days ago

> decades ago securesm OSes tracked the provenience of every byte (clean/dirty), to detect leaks, but it's hard if you want your agent to be useful

Yeah, you're hitting on the core tradeoff between correctness and usefulness.

The key differences here: 1. We're not tracking at byte-level but at the tool-call/capability level (e.g., read emails) and enforcing at egress (e.g., send emails) 2. Agent can slowly learn approved patterns from user behavior/common exceptions to strict policy. You can be strict at the start and give more autonomy for known-safe flows over time.

discuss

botusaurus|13 days ago

what about the interaction between these 2 flows:

- summarize email to text file

- send report to email

the issue is tracking that the first step didnt contaminate the second step, i dont see how you can solve this in a non-probabilistic works 99% of the time way

ryanrasti|12 days ago

I think what you're saying is agent can write to an intermediate file, then read from it, bypassing the taint-tracking system.

The fix is to make all IO tracked by the system -- if you read a file it has taints as part of the read, either from your previous write or configured somehow.