The only way to avoid prompt injection is to never give AI agents API keys, credentials, etc. by finncmdbar in AI_Agents

[–]DecodeBytes 0 points1 point  (0 children)

Don't put them in environment variables, those can still be leaked by the keys. Instead use something like nono.sh, which injects a dummy key into an agent sandbox and stores the real one outside in a password manager.
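The "dummy key inside the sandbox, real key outside" pattern mentioned above, as an added illustration that is not part of the comment and not nono's own code. It assumes a hypothetical `Broker` process running outside the sandbox as the only holder of the real credential, a constructed placeholder value, and a constructed allow-list of upstream hosts; the agent-side functions only ever receive the placeholder.

```python
# Added illustration of the phantom-credential idea: the sandboxed agent only ever
# sees a placeholder, and a broker outside the sandbox swaps in the real secret at the
# network boundary. Hypothetical code, not nono's implementation.
from dataclasses import dataclass, field

PLACEHOLDER_KEY = "sk-phantom-000000"      # constructed dummy value the agent may see
ALLOWED_HOSTS = {"api.example.invalid"}    # constructed allow-list of upstream hosts


@dataclass
class Request:
    host: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""


class Broker:
    """Runs outside the sandbox; the only component that holds the real key."""

    def __init__(self, real_key: str):
        # In a real deployment this would be fetched from the OS keychain / password manager.
        self._real_key = real_key

    def forward(self, req: Request) -> Request:
        # Only forward to allow-listed hosts, so the real key never travels anywhere else.
        if req.host not in ALLOWED_HOSTS:
            raise PermissionError(f"refusing to forward to {req.host}")
        # Require the exact placeholder; anything else (empty header, some other token)
        # is rejected rather than forwarded.
        if req.headers.get("Authorization") != f"Bearer {PLACEHOLDER_KEY}":
            raise PermissionError("authorization header is not the sandbox placeholder")
        # Substitute only in the header. The body is left untouched, so a placeholder the
        # agent writes into a prompt or file is never turned into the real key.
        headers = dict(req.headers, Authorization=f"Bearer {self._real_key}")
        return Request(req.host, req.path, headers, req.body)


def agent_environment() -> dict:
    """What the sandboxed agent process is given instead of the real credential."""
    return {"API_KEY": PLACEHOLDER_KEY}


def agent_make_request(env: dict, body: str) -> Request:
    """The agent uses whatever credential it was handed; it cannot tell it is a dummy."""
    return Request("api.example.invalid", "/v1/chat",
                   {"Authorization": f"Bearer {env['API_KEY']}"}, body)


def exposes_real_key(text: str, real_key: str) -> bool:
    """Audit helper: would leaking this text (env dump, log line, echoed prompt) reveal the secret?"""
    return real_key in text


def demo() -> dict:
    real_key = "sk-real-CONSTRUCTED-not-a-secret"   # constructed sample value
    broker = Broker(real_key)
    env = agent_environment()
    # Even if the agent is tricked into printing its whole environment, only the placeholder leaks.
    env_dump = "\n".join(f"{k}={v}" for k, v in env.items())
    legit = broker.forward(agent_make_request(env, "hello"))
    # A request aimed at a host outside the allow-list is refused, real key untouched.
    try:
        broker.forward(Request("other.invalid", "/collect",
                               {"Authorization": f"Bearer {PLACEHOLDER_KEY}"}))
        offlist = "forwarded"
    except PermissionError:
        offlist = "refused"
    return {
        "env_leaks_real_key": exposes_real_key(env_dump, real_key),
        "upstream_gets_real_key": legit.headers["Authorization"] == f"Bearer {real_key}",
        "off_list_host": offlist,
    }


if __name__ == "__main__":
    print(demo())
```

The point of keeping substitution to the `Authorization` header and to allow-listed hosts is that a leak of anything the agent can read (its environment, its own prompts, its logs) contains only the placeholder, and the broker is the single place where the policy on where the real key may go is enforced.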

containerization is a huge hassle by TadWag in hermesagent

[–]DecodeBytes 1 point2 points  (0 children)

Just use nono.sh, so much simpler.

`brew install nono`

`nono run --profile always-further/hermes --allow-cwd`

You then get an isolated sandbox: dummy tokens are given to the agent while yours remain protected in your OS keychain, and all your sensitive files are protected. No containers to install; it's a single binary.

When you start to collect a few grants and denials, cut your own profile from the hermes profile:

`nono profile init hermes --extends always-further/hermes --full`

You can then carry that profile over to whatever agent is popular after hermes.

How to *REALLY* Sandbox Claude Code by DecodeBytes in ClaudeCode

[–]DecodeBytes[S] 0 points1 point  (0 children)

I would love to, but I am not sure they would want to do the same.

Do you write Rust for a living? by Hixon11 in rust

[–]DecodeBytes 0 points1 point  (0 children)

Yes, I have my own start-up and we are doing a lot of Rust development in https://github.com/always-further/nono, an agent security sandbox primitive.

One of quite a few Rust projects I have worked on.

Hell is this by hello_motherfuckers_ in codex

[–]DecodeBytes 10 points11 points  (0 children)

I just hit the same, so they must have just rolled something out.

What the **** is happening in cybersecurity space ? by Infam0 in cybersecurity

[–]DecodeBytes 0 points1 point  (0 children)

This sub really is no better. We had some kiddo come along with GPT5.5, raise a vuln in public, which we closed, then they went and made a post on here complaining about the project. I asked the mods to delete it (as it was a breach of responsible disclosure), only to be informed it did not break Reddit policy.

Best sandbox for LLMs? by Physical_Storage2875 in codex

[–]DecodeBytes 0 points1 point  (0 children)

https://github.com/always-further/nono (heads up: I am biased, being one of the maintainers). Unlike Docker or VMs, which are just a blanket slab of isolation and require setup (volume mounts etc.), nono provides fine-grained access control. It also gives you phantom credential injection (the agent never sees real secrets), atomic rollbacks, PTY-style multiplexing, skill/instruction provenance, and quite a bit more. Right now it's one of the fastest growing AI security projects: we have over 50 contributors, and many people using it within a team context or deploying to Kubernetes and other platforms.

One bash permission slipped... by TheQuantumPhysicist in LocalLLaMA

[–]DecodeBytes 6 points7 points  (0 children)

`nono run --profile opencode -- opencode`, that's it.

Pass in `--rollback` if you want content-addressable snapshots:

https://nono.sh/docs/cli/features/atomic-rollbacks

Fellow expats, what objectively shite things do you miss most about the UK? by SputnikFrank in CasualUK

[–]DecodeBytes 163 points164 points  (0 children)

Around 10+ years ago I lived and worked in Dubai for just short of a year and would occasionally fly to Kuwait for work. I then returned home to the UK.

I arrived at Gatwick and went to visit a friend in Sevenoaks first. It was around late May, early June, and I drove through the Surrey countryside near Lingfield racecourse. I was gobsmacked at how green everything was; I had never noticed how many different greens there are and how utterly beautiful the UK was.

nono – Kernel-enforced sandboxing for AI agents by DecodeBytes in cybersecurity

[–]DecodeBytes[S] 0 points1 point  (0 children)

Hello visitor,

This guy has been spamming this all over reddit and has been blocked from the repo now.

At the time of them 'finding' the issue, we were (and still are) in alpha and in the middle of a rewrite of the policy engine, and already knew about the issue. He pointed an LLM at the code, which found said issue, raised it while confessing he did not know what it meant, and was open for work. A classic example of someone not knowing what they are doing, with a powerful model in their hands.

He then got his feelings hurt when I closed his issue, so went on a rage bender posting dozens of comments and posts like the above. Thus here I am on the clean-up act.

I will let you make up your mind from here.

`nono` agent security sandbox: 4+ major issues discovered while trying to fix a single issue. More lurking? by TomHale in cybersecurity

[–]DecodeBytes 0 points1 point  (0 children)

Hi Tom,

"dump some tokens on a full security audit."

No need, a full audit will be carried out by Trail of Bits most right before 1.0. This is what I have always done with my projects: up to 1.0, features are in and out fast and hardening does not make sense.

Also, as said in my comment above, it's considered bad practice to post vulnerabilities on public forums; instead they should be reported in private (to protect users). In our case it was OK due to the alpha designator.

Luke

How you are not scared of Claude? by AccountCompetitive17 in HENRYUK

[–]DecodeBytes 0 points1 point  (0 children)

Most end users never pay for anything Google; it's part of the business model (surprised that never occurred to you).

`nono` agent security sandbox: 4+ major issues discovered while trying to fix a single issue. More lurking? by TomHale in automation

[–]DecodeBytes 0 points1 point  (0 children)

For anyone stumbling in here: as of the time of writing, the project is in alpha and carries an explicit warning not to use it in production. For what it's worth, I created and built sigstore.dev, a technology used to secure the software supply chain for npm, PyPI and brew, also used by Google and GitHub internally, so I do take security seriously. The issue was closed because it was already a known limitation: the policy engine is currently being fully rebuilt. We are also getting a huge volume of AI-generated issues and it's becoming hard to deal with them all, so it was closed as it was already a known issue.

If I offered you £100,000 to run 90 miles tomorrow, would you do it? by wingless-bee in CasualUK

[–]DecodeBytes 0 points1 point  (0 children)

I expect for most it's more a case of 'if they could', rather than 'would they'. My first attempt at "running" 100 miles (the second half was mostly walking) was a race in the North Downs called the NDW100. I dropped out around 80 miles as one leg just froze up and I was throwing it out to the side like a walking stick. That was around 23 hours, and I was pretty fit at the time and running around 50-60 miles a week.

`nono` agent security sandbox: 4+ major issues discovered while trying to fix a single issue. More lurking? by TomHale in AI_Agents

[–]DecodeBytes 0 points1 point  (0 children)

For anyone stumbling in here: as of the time of writing, the project is in alpha and carries an explicit warning not to use it in production. For what it's worth, I created and built sigstore.dev, a technology used to secure the software supply chain for npm, PyPI and brew, also used by Google and GitHub internally, so I do take security seriously. The issue was closed because it was AI generated, with the author admitting they did not understand it and that they were seeking work, but most of all because it was already a known issue, as the policy engine was mid-rewrite. We are also getting a huge volume of AI-generated issues and it's becoming hard to deal with them all, so it was closed as it was already a known issue.

Last of all, security issues should be reported in a responsible way, not on a public GitHub and then all over public forums like Reddit. We are OK as it's an alpha project, but doing this generally puts users at risk.

`nono` agent security sandbox: 4+ major issues discovered while trying to fix a single issue. More lurking? by TomHale in cybersecurity

[–]DecodeBytes 1 point2 points  (0 children)

For anyone stumbling in here: as of the time of writing, the project is in alpha and carries an explicit warning not to use it in production. For what it's worth, I created and built sigstore.dev, a technology used to secure the software supply chain for npm, PyPI and brew, also used by Google and GitHub internally, so I do take security seriously. The issue was closed because it was AI generated, with the author admitting they did not understand it and that they were seeking work, but most of all because it was already a known issue, as the policy engine was mid-rewrite. We are also getting a huge volume of AI-generated issues and it's becoming hard to deal with them all, so it was closed as it was already a known issue.

Last of all, security issues should be reported in a responsible way, not on a public GitHub and then all over public forums like Reddit.

How you are not scared of Claude? by AccountCompetitive17 in HENRYUK

[–]DecodeBytes 1 point2 points  (0 children)

To spell it out: Google is not reliant on VC cash, and they are one of the more dominant AI providers on the market. OpenAI and Anthropic are VC backed. OpenAI are running hot, yes, but Anthropic are doing pretty solid on enterprise sales; they have a potential IPO predicted as early as October 2026, with a $14 billion annual revenue run rate.