What I meant to say was, the agents (like Claude Code) often have a "Allow all instances of this command in the session," and that persists to a whitelist for that session. The mechanic here is actually just a prefix match, so `API_KEY=... diff_command` also matches, allowing the agent to reuse the key without asking me.
This file also sticks around, so I had another agent read the whitelist and the conversation transcript and do other things automatically without approval.
> if it's not okay for the agent to know the API key permanently, why is it okay for the agent to have one-off use of something that requires the same key?
Read commands vs. write commands. I'm okay having the agent fetch info for me, but I want to approve any state changes.
One insidious thing is whitelists. If you allow the bot to run a command like `API_KEY=fdafsafa docker run ...`, then the API_KEY will be written to a file, and the agent can then read that in future runs. That bit me once already.
True. But it can help me create a lot of useful text so I can represent my self better.
I do wonder what happens when everyone is using agents for this, though. If AI produces the text and AI also reads the text, then do we even need the intermediary at all?
It makes sense that SAST is better for the provided task. The CWE Top 25 seem like issues focused around patterns. Each one has a strictly enumerated set of vulnerable patterns that you can scan for, and then, the tool's task becomes simply finding an exploitable path to that pattern. This lends itself towards static methods. Every known weakness of LLMs, like hallucinations, needle-in-haystack, and context overflow, show up in this taint-analysis issue.
I also think this is why SAST did much better in Java. Pattern-based vulns + static languages make static taint analysis really powerful. LLMs have no advantage here, while all of their disadvantages are highlighted.
This article doesn't go into issues that LLMs are able to find that traditional SAST isn't. Auth vulnerabilities, for example - privilege escalation is a software pattern but not a code one, and it takes reasoning to build a permissions model and then test it for breaches. Business logic issues are other: ways users can get around usage limits, or get access to premium features or private data.
> the ongoing economic and cultural exchange would have propelled the island towards a different political system
The blocker to this has always been the government refusing to reform. I don't see how increased exchange changes this. If anything, the Cuban government would've blocked any integration that threatens their control.
Robert Caro, in the LBJ series, wrote about how LBJ would use the discomfort of being the bathroom as a negotiating technique and a show of dominance. He would drag senators into the bathroom and force them to listen to him talk as he used the urinal, or force his staffers to take dictation as he took a shit.
Which is also what growth companies do? They reinvest their own earnings along with outside investment, which is the same as nonprofits (via donations).
I love history for that. Just knowing about the past gives me a feeling of connection to places I've never been to or times I'll never get to witness.
As an aside, the Scythians were not in what we'd today consider Persia (Iran). They originated around the north coast of the Black Sea, and extended east and southeast from there along the Eurasian steppe.
Of all the problems in agent security, sandboxing solves the easiest problem.