#Sandboxing
How Greywall Prevents Every Stage of the LiteLLM PyPI Supply Chain Attack
A 3-stage supply chain attack on litellm harvests SSH keys, cloud credentials, and Kubernetes configs, and greywall's default-deny sandboxing stops it at every stage without any malware-specific rules...

A malicious LiteLLM package landed on PyPI: steal credentials, exfiltrate them, pivot through Kubernetes. But a bug in the payload caused it to fork-bomb itself. It never got past step one. greyhaven.co/insights/how-greywall-prevents-every-stage-of-the-litellm-pypi-supply-chain-attack
#sandboxing

0 0 0 0

If you're sandboxing with Bubblewrap/namespaces, are you bind-mounting /run read-only? Docker, Podman, and libvirt sockets live in /run (or /var/run symlinked to /run), and Unix socket connections bypass read-only restrictions. #linux #sandboxing #greywall

0 0 0 0

Turns out GVFS can route file ops through D-Bus, bypassing Landlock entirely. Fixed it in greywall today. Still figuring out how many IPC tunnels are hiding in a standard Linux session. #sandboxing

0 0 0 0
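The two posts above make the same point from two sides: a read-only bind does not stop connect() on a Unix socket, and the D-Bus session bus socket that GVFS talks over also lives under /run/user/<uid> by default. The checker below is an added example written for this page, not code from greywall or bubblewrap. It replays the mount options of a bwrap command line in the order bwrap applies them and reports which control sockets are still reachable from inside the sandbox, and at which path. The socket locations, the /var/run -> /run symlink, and the command lines it audits are all assumptions constructed for the example.

```python
"""Audit a bubblewrap (bwrap) command line for host control sockets reachable from the sandbox.

Added example; not greywall's code. Socket paths are the usual defaults (an assumption) and
/var/run is assumed to be the normal symlink to /run. bwrap applies mount options in order,
so a later --tmpfs or bind on the same path replaces what an earlier bind put there.
"""
import posixpath
import shlex


def control_sockets(uid: int) -> dict:
    """Host sockets that hand out control of the host even when mounted read-only."""
    return {
        "/run/docker.sock": "Docker daemon",
        "/run/podman/podman.sock": "Podman (rootful)",
        f"/run/user/{uid}/podman/podman.sock": "Podman (rootless)",
        "/run/libvirt/libvirt-sock": "libvirt",
        "/run/dbus/system_bus_socket": "D-Bus system bus",
        f"/run/user/{uid}/bus": "D-Bus session bus (portals, GVFS)",
    }


# Options that place something at a sandbox path: (argument count, kind). "bind" maps a host
# source in; "mask" replaces the path with something that is not the host tree.
MOUNT_OPTS = {
    "--bind": (2, "bind"), "--ro-bind": (2, "bind"), "--dev-bind": (2, "bind"),
    "--bind-try": (2, "bind"), "--ro-bind-try": (2, "bind"), "--dev-bind-try": (2, "bind"),
    "--tmpfs": (1, "mask"), "--dir": (1, "mask"), "--proc": (1, "mask"), "--dev": (1, "mask"),
    "--symlink": (2, "mask"), "--file": (2, "mask"), "--bind-data": (2, "mask"),
    "--ro-bind-data": (2, "mask"),
}
# Options with arguments that do not touch the mount table, so argv can be walked correctly.
OTHER_OPTS = {
    "--setenv": 2, "--unsetenv": 1, "--chdir": 1, "--uid": 1, "--gid": 1, "--hostname": 1,
    "--remount-ro": 1, "--seccomp": 1, "--perms": 1, "--size": 1, "--args": 1, "--argv0": 1,
    "--sync-fd": 1, "--block-fd": 1, "--lock-file": 1, "--cap-add": 1, "--cap-drop": 1,
}


def normalize_host(path: str) -> str:
    """Canonical host path; folds the /var/run symlink onto /run."""
    path = posixpath.normpath(path)
    if path == "/var/run" or path.startswith("/var/run/"):
        path = "/run" + path[len("/var/run"):]
    return path


def covers(prefix: str, path: str) -> bool:
    """True if `path` is `prefix` itself or lies below it ("/" covers everything)."""
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def parse_mounts(argv: list) -> list:
    """Ordered (kind, host_source, sandbox_dest) tuples from a bwrap argv."""
    ops = []
    i = 1 if argv and posixpath.basename(argv[0]) == "bwrap" else 0
    while i < len(argv) and argv[i].startswith("--") and argv[i] != "--":
        tok = argv[i]
        if tok in MOUNT_OPTS:
            nargs, kind = MOUNT_OPTS[tok]
            args = argv[i + 1:i + 1 + nargs]
            if len(args) < nargs:
                raise ValueError(f"{tok} is missing arguments")
            src = normalize_host(args[0]) if kind == "bind" else None
            ops.append((kind, src, posixpath.normpath(args[-1])))
            i += 1 + nargs
        else:
            i += 1 + OTHER_OPTS.get(tok, 0)  # unknown options are assumed to be bare flags
    return ops


def resolve(ops: list, sandbox_path: str):
    """Host path that backs `sandbox_path` once every option has been applied, or None."""
    backing = None  # the sandbox root starts empty
    for kind, src, dest in ops:
        if covers(dest, sandbox_path):
            rest = sandbox_path[len(dest.rstrip("/")):]
            backing = ((src.rstrip("/") + rest) or "/") if kind == "bind" else None
    return backing


def exposed_sockets(cmdline: str, uid: int = 1000) -> list:
    """(host_socket, sandbox_path, description) for every control socket still reachable."""
    ops = parse_mounts(shlex.split(cmdline))
    findings = set()
    for kind, src, dest in ops:
        if kind != "bind":
            continue
        for host, what in control_sockets(uid).items():
            if covers(src, host):  # this bind would carry the socket in...
                sandbox = dest.rstrip("/") + host[len(src.rstrip("/")):]
                if resolve(ops, sandbox) == host:  # ...unless a later option replaces it
                    findings.add((host, sandbox, what))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed command lines for the demo, not taken from any real deployment.
    for cmd in [
        "bwrap --ro-bind / / --dev /dev --proc /proc --unshare-net -- sh",
        "bwrap --ro-bind /usr /usr --ro-bind /run /run --tmpfs /run/user/1000 -- sh",
        "bwrap --tmpfs /run --ro-bind /var/run/docker.sock /run/docker.sock -- sh",
        "bwrap --ro-bind /usr /usr --tmpfs /run --ro-bind /run/systemd/resolve /run/systemd/resolve -- sh",
    ]:
        print(cmd)
        findings = exposed_sockets(cmd)
        for host, path, what in findings:
            print(f"  EXPOSED {what}: host {host} reachable at {path}")
        if not findings:
            print("  ok: no control sockets reachable from the sandbox")
```

The fix the audit points at is structural: put a `--tmpfs /run` in place and bind back only the specific subpaths the workload needs (resolver state, for example), rather than binding `/run` or `/` read-only and hoping the read-only flag covers sockets. Because a Unix socket is neither a regular file nor a directory, the read-only mount check never applies to connect() on it.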

Close-up on modern application #sandboxing for #Linux with #Landlock in the new MISC.

An article to find in our issue, currently available at newsstands and at boutique.ed-diamond.com/nouveautes/1... (digital or paper edition, with free shipping).

0 1 0 0

AI Insight #4: Sandboxing Agents
As #AI agents such as #OpenClaw, #ClaudeCode, and #OpenCode become more autonomous, sandboxing is critical to minimize the risk from destructive actions. #Sandboxing approaches isolate #agents from sensitive systems. More information: www.tngtech.com/en/about-us/...

1 0 0 0
A thousand ways to sandbox an agent
There are a thousand ways to sandbox an agent. Okay, I lied. There are three: simulated, containers, and microVMs. Here's when to use each.

#Development #Approaches
Thousand ways to sandbox an agent · Pick one and let your AI agent loose ilo.im/16aig6 by Michael Livshits

_____
#Sandboxing #Security #AI #Agents #CLI #OS #Browser #WebDev #Frontend #Backend

1 0 0 0
Original post on simonwillison.net

Running Pydantic's Monty Rust sandboxed Python subset in WebAssembly
There's a jargon-filled headline for you! Everyone's building sandboxes for running untrusted code right now, and Py...

#javascript #python #sandboxing #ai #rust #webassembly #pyodide #generative-ai #llms […]

0 0 0 0
Original post on simonwillison.net

Introducing the Codex app
OpenAI just released a new macOS app for their Codex coding agent. I've had a few days of preview access - it's a solid app that provides...

#sandboxing #sqlite #ai #datasette #electron #openai #generative-ai #llms #ai-agents #coding-agents […]

0 0 0 0
Original post on simonwillison.net

ChatGPT Containers can now run bash, pip/npm install packages, and download files
One of my favourite features of ChatGPT is its ability to write and execute code in a container. This feature launc...

#pypi #sandboxing #npm #ai #openai #generative-ai #chatgpt #llms #ai-assisted-programming […]

0 0 0 0
Original post on simonwillison.net

the browser is the sandbox
Paul Kinlan is a web platform developer advocate at Google and recently turned his attention to coding agents. He quickly identified the import...

#browsers #javascript #sandboxing #ai #generative-ai #llms #ai-agents #coding-agents […]

0 0 0 0

Various sandboxing strategies were highlighted to isolate Claude Code. VMs, containers, and OS-level tools like bubblewrap are key. The goal is to limit potential damage from AI's unintended actions or prompt injection attacks. Choose wisely based on risk. #Sandboxing 2/5

0 0 1 0
GitHub - FabioSmuu/TempFS: Have a playground in a controlled environment for your agents. - FabioSmuu/TempFS

Launch TempFS: a prototype for orchestrating temporary containers for GGUF models using Node.js and Podman.
The project focuses on ephemeral environments and automatic resource cleanup.

github.com/FabioSmuu/Te...

#AI
#GGUF
#LLM
#LlamaCPP
#NodeJS
#Podman
#Containers
#Ubuntu
#Sandboxing
#Automation

0 0 0 0

Crucial insight: Sandboxing is paramount for tools like OpenCode. Users stressed isolating development environments to prevent RCEs from compromising host systems. Implement robust isolation as a primary defense against such threats. #Sandboxing 5/6

1 0 1 0
Original post on simonwillison.net

First impressions of Claude Cowork, Anthropic's general agent
New from Anthropic today is Claude Cowork , a "research preview" that they describe as "Claude Code for the rest of you...

#sandboxing #ai #prompt-injection #generative-ai #llms #anthropic #claude #ai-agents #claude-code […]

0 0 0 0
Original post on simonwillison.net

LLM predictions for 2026, shared with Oxide and Friends
I joined a recording of the Oxide and Friends podcast on Tuesday to talk about 1, 3 and 6 year predictions for the tech industry. This is my ...

#predictions #sandboxing #ai #kakapo #generative-ai #llms #oxide #bryan-cantrill […]

0 0 0 0

A field guide to sandboxes for AI
This guide to the current sandboxing landscape by Luis Cardoso is comprehensive, dense and absolutely fantastic. He starts by dif...

#sandboxing #ai #generative-ai #llms


0 0 0 0

Landlock isn't a replacement for tools like `bwrap`, SELinux, or containers, but a complementary layer. It enhances security within or outside container environments, adding another specific control mechanism to existing setups. #Sandboxing 4/5

0 0 1 0
Flatpak 1.17 has arrived and strengthens the Linux sandbox with major new features

#API #feedback #Github #https #Intel #isolamento #json #linux #metadados #mundo #root #sandboxing

2 0 0 0
Original post on sify.com

Are Agentic AI Browsers Safe?
For decades together, browsing the web meant combing through static blue links… However, we’ve come a long, long way since “Ask Jeeves” and even traditional se...

#AI #Analytics #Agentic #AI #Browser #anti-phishing #tools #integrate […]


0 0 0 0

Living dangerously with Claude #claude #claudecode #dev #copilot #agent #cybersecurity #sandboxing #promptinjection #generativeai #llms #artificialintelligence #lethaltrifecta

1 0 0 0