Comment by languid-photic 4 days ago

> Have you had any "learned the hard way" moments?

A big lesson for us is that you still need to be careful even in a sandbox.

We've been running Claude/Codex/Gemini in sandboxed YOLO mode and have seen some interesting bypass attempts. [1]

A few examples:

- created fake npm tarballs and forged SHA‑512s in our package‑lock.json
- masked failures with `|| true`, making blocked operations look successful
- cloned a workspace, edited the clone, then replaced the workspace with the clone to bypass file‑path deny rules

So, we’ve learned to default to verbose logging, patch bypasses as we see them, and try to keep iteration loops short.

[1] https://voratiq.com/blog/yolo-in-the-sandbox/
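One defensive check for the forged-lockfile case in the post above, as an added example that is not from the post or the linked blog: it diffs an agent-modified package-lock.json against the committed baseline and flags changed integrity hashes, new packages, and `resolved` URLs that point anywhere other than the trusted registry. The two sample lockfiles, their `sha512-…` values and the allowed registry host are constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Assumption: only the public npm registry is a trusted source of tarballs.
ALLOWED_HOSTS = {"registry.npmjs.org"}


def audit_lockfile(baseline: dict, candidate: dict, allowed_hosts=ALLOWED_HOSTS) -> list[str]:
    """Compare a candidate package-lock.json (e.g. one an agent just edited) against the
    committed baseline. Returns sorted, human-readable findings for: integrity hashes that
    changed, packages that did not exist before, and 'resolved' URLs off the trusted registry.
    Uses the lockfileVersion 2/3 layout where 'packages' maps 'node_modules/<name>' entries."""
    findings = []
    base = baseline.get("packages", {})
    for name, meta in candidate.get("packages", {}).items():
        if not name:
            continue  # "" is the root project entry, not a dependency
        resolved = meta.get("resolved", "")
        # file:// and similar local URLs have no hostname, so they are flagged too
        if resolved and urlparse(resolved).hostname not in allowed_hosts:
            findings.append(f"{name}: resolved off-registry ({resolved})")
        old = base.get(name)
        if old is None:
            findings.append(f"{name}: new package")
        elif old.get("integrity") != meta.get("integrity"):
            findings.append(f"{name}: integrity changed")
    return sorted(findings)


# Constructed sample lockfiles (not real packages or real hashes).
BASELINE = {"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/left-pad": {
        "version": "1.3.0",
        "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
        "integrity": "sha512-CONSTRUCTED_GOOD"}}}

CANDIDATE = json.loads(json.dumps(BASELINE))  # deep copy, then simulate the agent's edits
CANDIDATE["packages"]["node_modules/left-pad"].update({
    "resolved": "file:///tmp/left-pad-1.3.0.tgz",      # forged local tarball
    "integrity": "sha512-CONSTRUCTED_FORGED"})         # forged hash to match it
CANDIDATE["packages"]["node_modules/helper"] = {
    "version": "0.1.0",
    "resolved": "https://registry.npmjs.org/helper/-/helper-0.1.0.tgz",
    "integrity": "sha512-CONSTRUCTED_NEW"}

if __name__ == "__main__":
    for line in audit_lockfile(BASELINE, CANDIDATE):
        print(line)
```

Run it as a pre-commit or post-agent step and fail the loop on any finding rather than trusting the lockfile the agent hands back.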

kasey_junk 4 days ago

I watched Claude download the Rust toolchain and build a userland networking stack to get around some container sandboxing restrictions I had in place. Tbf to Claude, I was prompting it in ways that were not explicitly to get it to do this but were intentionally putting it in conflict with the sandboxing.

  • languid-photic 4 days ago

    Yes, typically the agent is just trying to do what it's been instructed to do, but sometimes it's too naive to realize its approach is a bit sketchy.

    And actually, one way we've hardened our sandbox is by tasking agents with impossible tasks (within the sandbox), then analyzing and patching each workaround.