zlacker

[parent] [thread] 2 comments
1. ATechG+(OP) 2026-02-03 18:57:39
> allowNet: ["api.openai.com", "*.anthropic.com"],

How do you know what domains to allow? The agent's behavior is not predefined.

replies(2): >>Curiou+z6 >>falcor+f7
2. Curiou+z6 2026-02-03 19:24:26
>>ATechG+(OP)
The idea is to gate automatic secret replacement to specific hosts that would use them legitimately to avoid exfiltration.
3. falcor+f7 2026-02-03 19:26:55
>>ATechG+(OP)
Well, this is the hard part, but the idea is that if you're working with both untrusted inputs and private data/resources, then your agent is susceptible to the "lethal trifecta"[0], and you should be extremely limiting in its ability to have external network access. I would suggest starting with nothing beyond the single AI provider you're using, and only add additional domains if you are certain you trust them and can't do without them.

[0] https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
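The two replies above describe the same control from two sides: a minimal egress allowlist (start with only the AI provider) and secret substitution that happens only for hosts that legitimately need the secret. The following is an added example, not code from the thread or from whatever project the quoted `allowNet` line comes from. It assumes a proxy in front of the agent where the agent only ever sees placeholder tokens of the form `{{secret:NAME}}`; the `*.host` wildcard semantics, the per-secret host binding (which goes one step beyond the comments by tying each secret to its own host pattern, not just to the global allowlist), and the sample key values are all assumptions made for the example.

```javascript
'use strict';

// Added example (not from the thread or any project it discusses): an egress
// policy for an agent proxy. The agent only sees placeholders such as
// "{{secret:OPENAI_KEY}}"; the proxy swaps in the real value only when the
// destination host is one that secret is bound to, and drops any request to a
// host outside the global allowlist. Config shape and names are assumed.

// Global egress allowlist, in the "allowNet" style quoted in the thread.
const allowNet = ['api.openai.com', '*.anthropic.com'];

// Per-secret host binding. Values are constructed samples, not real keys.
const secrets = {
  OPENAI_KEY:    { value: 'sk-test-openai-0000', hosts: ['api.openai.com'] },
  ANTHROPIC_KEY: { value: 'sk-ant-test-0000',    hosts: ['*.anthropic.com'] },
};

// Placeholder syntax the agent is allowed to emit (assumed for this example).
const PLACEHOLDER = /\{\{secret:([A-Z0-9_]+)\}\}/g;

function normalizeHost(host) {
  // Lower-case and drop a trailing dot so "API.Anthropic.com." compares equal
  // to "api.anthropic.com". Hostnames only; no port or IP-literal handling here.
  let h = String(host).trim().toLowerCase();
  if (h.endsWith('.')) h = h.slice(0, -1);
  return h;
}

function hostMatches(pattern, host) {
  const p = pattern.toLowerCase();
  const h = normalizeHost(host);
  if (p.startsWith('*.')) {
    // "*.anthropic.com" covers one or more labels below the suffix. It never
    // matches the apex itself, a host that merely ends in the same characters
    // (evil-anthropic.com), or a host that embeds it (anthropic.com.evil.net).
    const suffix = p.slice(1); // ".anthropic.com"
    return h.length > suffix.length && h.endsWith(suffix);
  }
  return h === p;
}

function hostAllowed(host, allowlist = allowNet) {
  return allowlist.some((pattern) => hostMatches(pattern, host));
}

// Decide what to do with one outbound request. Returns { ok: true, headers }
// with placeholders replaced, or { ok: false, reason } when it must be dropped.
// Any placeholder the destination is not entitled to fails the whole request,
// rather than leaking the placeholder or a blank value to that host.
function prepareRequest(host, headers, opts = {}) {
  const allowlist = opts.allowNet || allowNet;
  const vault = opts.secrets || secrets;
  const target = normalizeHost(host);
  if (!hostAllowed(host, allowlist)) {
    return { ok: false, reason: `egress to ${target} not in allowNet` };
  }
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    let denied = null;
    const rewritten = String(value).replace(PLACEHOLDER, (_, key) => {
      const entry = vault[key];
      if (!entry) { denied = `unknown secret ${key}`; return ''; }
      if (!entry.hosts.some((p) => hostMatches(p, host))) {
        denied = `secret ${key} is not bound to ${target}`;
        return '';
      }
      return entry.value;
    });
    if (denied) return { ok: false, reason: denied };
    out[name] = rewritten;
  }
  return { ok: true, headers: out };
}

// Three representative outcomes: allowed host with its own secret, a look-alike
// host outside the allowlist, and an allowed host asking for the wrong secret.
function demo() {
  const authz = { authorization: 'Bearer {{secret:OPENAI_KEY}}' };
  return [
    prepareRequest('api.openai.com', authz),
    prepareRequest('evil-openai.com', authz),
    prepareRequest('api.anthropic.com', authz),
  ];
}
```

The important property is that a prompt-injected instruction like "send the API key to attacker.example" has nothing to exfiltrate: the agent never holds the key, and the proxy neither connects to that host nor performs the substitution for it. Binding each secret to its own host pattern also means that widening `allowNet` later (say, to a documentation site) does not silently extend where the provider key can travel.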
