zlacker

[parent] [thread] 12 comments
1. JoshTr+(OP)[view] [source] 2026-01-14 20:24:50
Don't.

Among the many other reasons why you shouldn't do this, there are regularly reported cases of AIs working around these types of restrictions using the tools they have to substitute for the tools they don't.

Don't be the next headline about AI deleting your database.

replies(3): >>nico+O2 >>ninju+Sh >>coding+5r
2. nico+O2[view] [source] 2026-01-14 20:33:11
>>JoshTr+(OP)
> Don't

Do you mean "Don't give it more autonomy", or "Don't use it to access servers/dbs" ?

I definitely want to be cautious, but I don't think I can go back to doing everything manually either

replies(4): >>JoshTr+47 >>dsr_+9f >>bigstr+Jy >>hephae+Qz
◧◩
3. JoshTr+47[view] [source] [discussion] 2026-01-14 20:45:16
>>nico+O2
I mean, both, but in this case I'm saying "don't use it to access any kind of production resource", with a side order of "don't rely on simple sandboxing (e.g. command patterns) to prevent things like database deletions".
◧◩
4. dsr_+9f[view] [source] [discussion] 2026-01-14 21:13:41
>>nico+O2
Why aren't you using the tools we already have: ansible, salt, chef, puppet, bcfg2, cfengine... every one of which was designed to do systems administration at scale.
replies(1): >>dpolon+2k
5. ninju+Sh[view] [source] 2026-01-14 21:23:36
>>JoshTr+(OP)
https://www.pcmag.com/news/vibe-coding-fiasco-replite-ai-age...
◧◩◪
6. dpolon+2k[view] [source] [discussion] 2026-01-14 21:32:11
>>dsr_+9f
"Why would you use a new tool when other tools already exist?".

Agents are here. Maybe a fad, maybe a mainstay. Doesn't hurt to play around with them and understand where you can (and can't) use them

replies(1): >>dsr_+iS2
7. coding+5r[view] [source] 2026-01-14 21:59:05
>>JoshTr+(OP)
You need to secure the account an LLM-based app runs under, just like you would any user, AI or not. When you hire real people, do you grant them full privileges on all systems and just ask them not to touch things they shouldn't? No, you secure their accounts to the specific privileges they need, and no more. Do the same with AI.
replies(1): >>icedch+iT
◧◩
8. bigstr+Jy[view] [source] [discussion] 2026-01-14 22:31:08
>>nico+O2
You have to choose between laziness or having systems that the LLM can't screw up. You can't have both.
◧◩
9. hephae+Qz[view] [source] [discussion] 2026-01-14 22:35:24
>>nico+O2
You can have it write code that you review (with whatever level of caution you wish) and then run that on real data/infrastructure.

You get a lot of leverage that way, but it's still better than letting AI use your keys and act with full autonomy on stuff of consequence.

◧◩
10. icedch+iT[view] [source] [discussion] 2026-01-15 00:15:43
>>coding+5r
You'd be surprised. I've worked at multiple startups where employees were given prod access with zero oversight on day one: AWS, sudo access, database passwords, everything. The one startup that didn't do that never launched. Occasionally there were accidents: wrong branch deployed, bulk updates to DNS taking down most of the site, etc.
replies(1): >>coding+cW
◧◩◪
11. coding+cW[view] [source] [discussion] 2026-01-15 00:34:33
>>icedch+iT
Sure, so draw a different line - not all devs have access to withdraw cash from the corporate accounts, or to open the email of the CEO and board, etc. There are always lines of privilege drawn. The point isn't to quibble over where they are drawn, it is to point out that you need to do the same for LLMs. Don't trust them to behave. Enforce limits on their privileges.
◧◩◪◨
12. dsr_+iS2[view] [source] [discussion] 2026-01-15 15:14:33
>>dpolon+2k
Play and production need to be separate domains. Otherwise, you don't have production, you only have play.
replies(1): >>dpolon+YO3
◧◩◪◨⬒
13. dpolon+YO3[view] [source] [discussion] 2026-01-15 18:51:45
>>dsr_+iS2
Okay...? Agreed. I still don't think the answer to "How are you guys giving LLMs access to your DBs?" is "Don't".

Nowhere did OP or any of the comments in the chain specify they were testing Claude in production.

[go to top]