HackerTrans
TopNewTrendsCommentsPastAskShowJobs

DesoPK

no profile record

Submissions

Kernhelm: A Linux authority wall for untrusted agents

github.com
2 points·by DesoPK·24 dni temu·0 comments

Make Trust Irrelevant: A Gamer's Take on Agentic AI Safety

github.com
10 points·by DesoPK·5 miesięcy temu·10 comments

comments

DesoPK
·24 dni temu·discuss
[flagged]
DesoPK
·5 miesięcy temu·discuss
You're right. Players are in a sandbox and they only have access to what they have been given rights to. The game analogy isn’t about confidential material, it’s about adversarial incentives under fixed mechanics. In games you don’t rely on “good behavior” because players will explore every edge the rules allow.

In agentic systems, the agent often has privileged material by design (API keys, local files, browser cookies, tokens, credentials, docs) plus high-leverage actions (shell, package manager, cloud control planes). That combination is exactly why ambient authority without hard boundaries is dangerous.

The point is threat modeling: "don’t rely on intent, rely on boundaries." The paper argues for reduce-only, fast-revocable authority at a real enforcement boundary, not userland wrappers.
DesoPK
·5 miesięcy temu·discuss
I agree that UX is the hard part. The point isn’t “pop-up permission dialog every minute.” It’s “remove standing power.” You can make short lived authority feel smoother with scoped permits, pre-approved workflows, clear revocation semantics, and defaults that renew narrowly. The non-negotiable part is that authority can be pulled instantly and cannot silently widen. Convenience matters, but “always-on admin” is convenience paid for with failure.
DesoPK
·5 miesięcy temu·discuss
[dead]
DesoPK
·5 miesięcy temu·discuss
I wrote a short position paper arguing that current agentic AI safety failures are the confused deputy problem on repeat. We are handing agents ambient authority and trying to contain it with soft constraints like prompts and userland wrappers. My take: you need hard, reduce-only authority enforced at a real boundary (kernel control plane class), not something bypassable from userland. Curious how others are modeling this. What constraints do you think are truly non-negotiable?