HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dreamiurg

no profile record

Submissions

Reducing Attack Surface for AI Agents with Process-Scoped Credentials

dreamiurg.net
1 points·by dreamiurg·há 5 meses·1 comments

Where the Work Goes When Agents Arrive

dreamiurg.net
1 points·by dreamiurg·há 5 meses·3 comments

comments

dreamiurg
·há 4 meses·discuss
Yes, it's surely possible, but a well-designed CLI or any tool of that matter would be efficient when it comes to the context size.
dreamiurg
·há 5 meses·discuss
AI coding agents inherit your shell environment, which means every secret in your env vars and dotfiles is one prompt injection away from exfiltration. I wrote up a quick post the low-cost method to reduce the attack surface. It does not prevent the problem completely, but combined with other classical mitigations like sandboxing it can surely help to reduce the chances of pwnage.

I'd be curious to learn what else you all are doing in this domain.
dreamiurg
·há 5 meses·discuss
Author here. I wrote this mostly to sanity-check myself after a few recent conversations. It's not advice and I'm not selling anything. I pulled some numbers from my own logs and tried to describe what actually shifted for me.

These are just my thoughts and patterns from one workflow. I'm sharing because I'm curious whether any of it matches what others are seeing, or if your experience is somewhat/completely different.