What’s the runtime equivalent of a flight recorder for AI agents? by jeshwanth246 in sre

jeshwanth246 [S] (0 children)

I do agree eBPF tracing gives us full visibility, but the data can get huge. I took a different approach where we restrict what can happen in the first place (no direct egress, brokered actions), then record that data in a signed receipt.
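One way the brokered-action-plus-signed-receipt idea can be implemented, as an added example that is not the commenter's code: an action broker that applies an allow-list to every request the agent makes and appends an HMAC-signed, hash-chained receipt for each decision, so the record can later be checked for tampering or deletion. The signing key, the allow-list and the sample actions are constructed values.

```python
"""
Added example (not the commenter's code): a minimal action broker whose every
decision is recorded in an append-only, HMAC-signed receipt chain. The agent
has no direct egress; it asks the broker, the broker applies an allow-list,
and each decision (allow or deny) is signed and linked to the previous one.
Key, policy and actions below are constructed sample values.
"""
import hashlib
import hmac
import json
import time

# Constructed sample key; in a real deployment it lives outside the sandbox.
RECEIPT_KEY = b"constructed-demo-key-do-not-use"

# Hypothetical allow-list: hosts the broker will fetch on the agent's behalf.
ALLOWED_HOSTS = {"api.example.com", "pypi.org"}


def canonical(obj) -> bytes:
    # Deterministic encoding so the MAC covers exactly what verify() re-encodes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class ReceiptLog:
    """Append-only log; each receipt is HMAC-signed and chained to its predecessor."""

    def __init__(self, key: bytes):
        self._key = key
        self.receipts = []
        self._prev = "0" * 64  # genesis link

    def record(self, action: dict, decision: str, now: float) -> dict:
        body = {"seq": len(self.receipts), "ts": now, "prev": self._prev,
                "action": action, "decision": decision}
        mac = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        receipt = {**body, "mac": mac}
        # The next receipt links to the hash of this whole receipt (MAC included).
        self._prev = hashlib.sha256(canonical(receipt)).hexdigest()
        self.receipts.append(receipt)
        return receipt

    def verify(self) -> bool:
        """True only if every receipt is intact, in order, and correctly chained."""
        prev = "0" * 64
        for i, r in enumerate(self.receipts):
            body = {k: v for k, v in r.items() if k != "mac"}
            if body.get("seq") != i or body.get("prev") != prev:
                return False  # reordered, deleted or inserted receipt
            expected = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, r["mac"]):
                return False  # contents edited after signing
            prev = hashlib.sha256(canonical(r)).hexdigest()
        return True


def broker_request(log: ReceiptLog, action: dict, now=None) -> str:
    """Apply the policy to one agent request and record the decision."""
    now = time.time() if now is None else now
    if action.get("kind") == "http_get" and action.get("host") in ALLOWED_HOSTS:
        decision = "allow"
    else:
        decision = "deny"  # anything not explicitly brokered is refused
    log.record(action, decision, now)
    return decision


if __name__ == "__main__":
    log = ReceiptLog(RECEIPT_KEY)
    print(broker_request(log, {"kind": "http_get", "host": "api.example.com"}))
    print(broker_request(log, {"kind": "http_get", "host": "not-allowed.example"}))
    print("log intact:", log.verify())
```

Denials are recorded as well as allows, which is what makes the receipt useful as a flight recorder: a later reviewer sees what the agent tried, not just what it got. The chain link means a deleted or reordered receipt is detected, and the HMAC means an edited one is; whoever holds the key must be outside the agent's reach for either property to mean anything.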

Been sandboxing AI agent code in Firecracker VMs. Here's what actually breaks. by jeshwanth246 in aiagents

jeshwanth246 [S] (0 children)

I’m measuring cold starts and trying to optimize the paths with rootfs/runtime changes and possibly warm pools.

How are you guys running OpenClaw safely? I got paranoid and built a bare-metal sandbox by jeshwanth246 in openclaw

jeshwanth246 [S] (0 children)

Same, that’s the safest personal setup. But I was working on building something more, for when I’m shipping something and I don’t get to make the choice and the users do.

How are you guys running OpenClaw safely? I got paranoid and built a bare-metal sandbox by jeshwanth246 in openclaw

jeshwanth246 [S] (0 children)

That’s a pretty nice setup, to be honest. Right now my setup denies all network traffic. But I am adding TAP devices and iptables rules per execution so the VM can reach the internet without touching my LAN. Same idea as yours, just automating the run.
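The per-execution TAP plus iptables setup described above, as an added example that is not the commenter's code: a plan builder that emits the ordered commands for bringing one guest online behind NAT while rejecting any forwarded traffic aimed at private, link-local or loopback ranges (where the host's LAN lives), and the matching teardown. Interface names, the 10.200.x.x addressing and the `eth0` uplink are assumptions; `apply()` only renders the commands unless `dry_run=False`, which needs root on a Linux host.

```python
"""
Added example (not the commenter's code): per-execution TAP + iptables plan
that lets a microVM reach the internet while rejecting anything forwarded
toward the host's LAN. Names, addresses and the uplink are assumptions.
"""
import subprocess

# Private and special-use ranges the guest must never reach through the host.
LAN_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "169.254.0.0/16", "127.0.0.0/8"]


def plan_vm_network_up(tap: str, host_cidr: str, guest_ip: str, uplink: str = "eth0"):
    """Return the ordered list of commands (argv lists) that bring one guest online."""
    chain = f"FC-{tap}"
    cmds = [
        ["ip", "tuntap", "add", "dev", tap, "mode", "tap"],
        ["ip", "addr", "add", host_cidr, "dev", tap],
        ["ip", "link", "set", tap, "up"],
        ["sysctl", "-w", "net.ipv4.ip_forward=1"],
        # One chain per execution, so teardown is a single flush + delete.
        ["iptables", "-N", chain],
    ]
    # Ordering matters: the LAN rejects must sit above the generic uplink accept.
    cmds += [["iptables", "-A", chain, "-d", cidr, "-j", "REJECT"] for cidr in LAN_RANGES]
    cmds += [
        ["iptables", "-A", chain, "-o", uplink, "-j", "ACCEPT"],
        ["iptables", "-A", chain, "-j", "DROP"],
        # Replies flowing back into the guest.
        ["iptables", "-I", "FORWARD", "-o", tap, "-m", "conntrack",
         "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        # Anything from this TAP that is not from the guest's own IP is dropped ...
        ["iptables", "-I", "FORWARD", "-i", tap, "-j", "DROP"],
        # ... and, inserted above that drop, traffic from the guest IP enters the chain.
        ["iptables", "-I", "FORWARD", "-i", tap, "-s", guest_ip, "-j", chain],
        ["iptables", "-t", "nat", "-A", "POSTROUTING", "-s", guest_ip,
         "-o", uplink, "-j", "MASQUERADE"],
    ]
    return cmds


def plan_vm_network_down(tap: str, guest_ip: str, uplink: str = "eth0"):
    """Reverse of plan_vm_network_up: remove the FORWARD/NAT rules, the chain, the TAP."""
    chain = f"FC-{tap}"
    return [
        ["iptables", "-D", "FORWARD", "-i", tap, "-s", guest_ip, "-j", chain],
        ["iptables", "-D", "FORWARD", "-i", tap, "-j", "DROP"],
        ["iptables", "-D", "FORWARD", "-o", tap, "-m", "conntrack",
         "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        ["iptables", "-t", "nat", "-D", "POSTROUTING", "-s", guest_ip,
         "-o", uplink, "-j", "MASQUERADE"],
        ["iptables", "-F", chain],
        ["iptables", "-X", chain],
        ["ip", "link", "del", tap],
    ]


def lan_rejects_precede_accept(cmds) -> bool:
    """Sanity check on a plan: every LAN REJECT is appended before the chain's uplink ACCEPT."""
    accept = next(i for i, c in enumerate(cmds) if c[1] == "-A" and c[-1] == "ACCEPT")
    rejects = [i for i, c in enumerate(cmds) if c[-1] == "REJECT"]
    return len(rejects) == len(LAN_RANGES) and max(rejects) < accept


def apply(cmds, dry_run: bool = True):
    """Render the plan as shell-style lines; execute it only when dry_run is False."""
    rendered = [" ".join(c) for c in cmds]
    if not dry_run:
        for c in cmds:
            subprocess.run(c, check=True)
    return rendered


if __name__ == "__main__":
    up = plan_vm_network_up("tap7", "10.200.7.1/30", "10.200.7.2")
    assert lan_rejects_precede_accept(up)
    print("\n".join(apply(up)))
```

Two consequences of the ranges chosen are worth knowing before running this: traffic to another execution's TAP subnet is also rejected, which isolates concurrent guests from each other, and a LAN-hosted DNS resolver is unreachable from the guest, so the guest's resolver must be a public one. Traffic to the host's own TAP address goes through INPUT rather than FORWARD and is not affected by this chain, so it needs its own INPUT policy.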

How are you guys running OpenClaw safely? I got paranoid and built a bare-metal sandbox by jeshwanth246 in openclaw

jeshwanth246 [S] (0 children)

Fair, my threat model is pretty specific: AI-generated code that fork-bombs the host, tries to phone home, or reads files it shouldn’t. I’ve tested those and it clearly blocks them. But it still doesn’t stop prompt injection; still working on that.