frontpage.

I've been reviewing Agent sandboxing solutions recently and it occurred to me there is a gaping vector for persistent exploits for tools that let the agent write to the project directory.

I had originally thought this would ok as we could review everything in the git diff. But, it later occurred to me that there are all kinds of files that the agent could write to that I'd end up executing, as the developer, outside the sandbox. Every .pyc file for instance, files in .venv , .git hook files.

ChatGPT[1] confirms the underlying exploit vectors and also that there isn't much discussion of them in the context of agent sandboxing tools.

My conclusion from that is the only truly safe sandboxing technique would be one that transfers files from the sandbox to the dev's machine through some kind of git patch or similar. I.e. the file can only transfer if it's in version control and, therefore presumably, has been reviewed by the dev before transfer outside the sandbox.

Thoughts or recommendations?

1: https://chatgpt.com/share/69c3ec10-0e40-832a-b905-31736d8a3438

Crypto donations to UK parties to be banned

Show HN: Sudo for AI agents – cryptographic delegation instead of API keys

Block the LiteLLM supply chain attack, with Nono.sh runtime Security

One man used 10k bots to steal $8M from music artists

Safely evolve your JSON schemas. Check backward/forward compatibility

Show HN: As Notes – A Static Site Generator in Your Markdown Knowledgebase

Wikipedia has banned AI-generated text, with two exceptions

AI Agent action safety is not covered yet

Debunking Classical Pseudo-Paradoxes of Logic

Orbital data centers, part 1: There's no way this is economically viable, right?

A Brief History of San Francisco's Middle School Algebra Mess

Ancient Grapes Reveal Long History of Modern Wines

Can It Resolve Doom? Game Engine in 2k DNS Records

There Really Was a 'Mississippi Miracle' in Reading. States Should Learn from It

Apple App Store Is Flooded with AI Slop and Legitimate Developers Are Paying

Ban Pay-to-Play National Security Approvals

Any idea for my new feature? HTTPS://portolabs.id

White House Takes Aim at Biased AI in Government, Leaves Key Gaps

Show HN: Multi-step form component for Framer with a JSON-driven wizard

Open-source OWASP security testing for AI models and agents

Show HN: HowMuchGameHeroesMake

I Tried to Invent a Better Replication Policy. It Failed

A Eulogy for Vim

TeamMind – persistent memory for Claude Code (no API key, runs locally)

The Cost of Doing Business

Show HN: Marco, a privacy-first, offline-first email client (IMAP-native, no AI)

A 500K-parameter system that recovers invariant physics from observation alone

Quantization from the Ground Up

Dan rewrote chardet, relicensed to MIT. Original author broke 15-year silence

Show HN: Dbt-skillz compiles your dbt project into a Claude Code skill

Agent sandboxing tools that mount projects R/W have gaping exploits