HackerTrans
TopNewTrendsCommentsPastAskShowJobs

smashini

109 karmajoined geçen yıl
Applied AI Engineer. I paid and do ceramics :) Run an ethical search engine mashinii Now working on governance in AI

Submissions

Show HN: Scan your AI agents for dangerous capabilities

github.com
44 points·by smashini·5 gün önce·19 comments

[untitled]

1 points·by smashini·8 gün önce·0 comments

Is closed source even a moat anymore?

makerchecker.ai
1 points·by smashini·12 gün önce·0 comments

Show HN: Get your agents into regulated industries

github.com
3 points·by smashini·17 gün önce·1 comments

Show HN: I Made OpenClaw Employable

github.com
2 points·by smashini·23 gün önce·1 comments

Show HN: Stop your AI agents from approving their own work

github.com
2 points·by smashini·24 gün önce·1 comments

Can Europe train a frontier AI model on the compute it owns?

github.com
143 points·by smashini·26 gün önce·296 comments

comments

smashini
·5 gün önce·discuss
Part of the cons is offset, if the single maintainer dissapears, nothing a fork can't fix :)
smashini
·5 gün önce·discuss
Yes, but they operate at the OS boundary, but we are defining application/business logic

OS controls answer "can this process make network requests?"

App-level policies answer "is this request, with these parameters, acceptable?"
smashini
·5 gün önce·discuss
Completely agree, though the LLM part of the scanner can help with that contextual part of the analysis.

Runtime enforcement already exists (the embedded governor wraps tool calls in-process); extending it with a quarantined contextual evaluator like you describe would the logical next step.

Thanks for the feedback, actually will raise an issue on that to explore
smashini
·5 gün önce·discuss
[dead]
smashini
·5 gün önce·discuss
The scanner is just one part of the codebase, good for maintaining quality in a pipeline.

There is also @makerchecker/embedded, which has runtime permission primitives you wrap around the agent's actions, so the restraints live in the app exactly like you're describing

Less whack-a-mole, more wrap the risky calls and they're bound
smashini
·5 gün önce·discuss
[dead]
smashini
·5 gün önce·discuss
So Linux can prevent an agent from opening /etc/passwd.

Linux cannot stop an agent from calling:

POST /wire-transfer amount=5,000,000
smashini
·5 gün önce·discuss
should be fixed and released now :)
smashini
·5 gün önce·discuss
I’d say the biggest difference would be: 1. Parameter-aware rules: OS permissions don’t know your application logic. (How would you tell OS permissions not to let your AI to trade on over 1M dollars) 2. You can’t easily model multi-pary and RBAC. 3. Agents call remote APIs for alot of those tools. Native OS doesn’t really parse web traffic to decide if a request is safe or not. OS sandboxing is good for host security, but not necessarily for governing business logic or AI agents
smashini
·5 gün önce·discuss
oopsie doopsie, release pipeline failed fixing now...
smashini
·5 gün önce·discuss
Honestly, amazing stuff. For all the flak that the EU gets this is absolutely an essential regulation
smashini
·5 gün önce·discuss
Hey all :)

I've been working an open-source toolkit to stop AI agents from running amok.

You can scan your code (Python, JS, TS) and it will flag any risks and can offer fixes. It runs offline, but you can wire an LLM to do code analysis as well.

You can run it with:

npx @makerchecker/scan

Would love to get any feedback!
smashini
·5 gün önce·discuss
Reminds me of that buy a pixel website back in the 2000s. Cool concept! blocks are bit small...
smashini
·5 gün önce·discuss
idk, maybe being on an isolated continent really helped
smashini
·12 gün önce·discuss
Forbes 30 under 30...
smashini
·17 gün önce·discuss
It wraps around agents you already have and provides structured controls:

- Each agent acts only through a role and can only run skills its approved for.

- It cannot approve its own work.

- Support for human approval gates.

- Every action is committed to a hash-chained signed log.

I also built alot of runnable examples based on real life case studies (e.g. Knight Capital, Air Canada refund chatbot) and how it can be used to prevent them.

The goal is to help get agents that do impactful work (move money, healthcare triaging, prod releases, etc) out of pilot and into production.

Happy to answer any questions :)
smashini
·23 gün önce·discuss
Howdy,

A bit past the OpenClaw hype-train, but I remember seeing all this news about the massive security risks OpenClaw has, so I wrapped it with MakerChecker so you can have sophisticated guarantees and controls over OpenClaw. Good enough that you could have it be an employee ;)

Made a few demos where you could control how it uses finances, customer databases, etc. And how it could actually be used in the workplace.
smashini
·24 gün önce·discuss
I think that's where alot of the focus is going to be in the next few years, and it'll be what blocks us from getting AI into alot of risk averse industries. Been working alot on this.
smashini
·24 gün önce·discuss
Hi All!

Wanted to share this project I have been working on for a while. In the past few years and my previous startup, I really struggled to get any form of AI adoption in regulated industries. So I built MakerChecker: A way to add structural guarantees into how Agents and AI systems would operate in high risk environments.

It wraps around agents you already have and provides structured controls: - Each agent acts only through a role and can only run skills its approved for. - It cannot approve its own work. - Support for human approval gates. - Every action is committed to a hash-chained signed log.

I also build alot of runnable examples based on real life case studies (e.g. Knight Capital, Air Canada refund chatbot) and how it can be used to prevent them.

The goal is to help get agents that do impactful work (move money, healthcare triaging, prod releases, etc) out of pilot and into production.

Happy to answer any questions and always looking for constructive feedback :)
smashini
·25 gün önce·discuss
Where can I get more info on the model, would love to read up about it