• 87Six@lemmy.zip · 14 upvotes · 4 hours ago

    Kinda wrong to say “without permission”. The user can choose whether the AI can run commands on its own or ask first.

    Still, REALLY BAD, but the title doesn’t need to make it worse. It’s already horrible.

    • Jhex@lemmy.world · 2 upvotes · 1 hour ago

      hmmm when I let a plumber into my house to fix my leaky tub, I didn’t imply he had permission to sleep with my wife who also lives in the house I let the plumber into

      The difference you try to make is precisely what these agentic AIs should know to respect… which they won’t because they are not actually aware of what they are doing… they are like a dog that “does math” simply by barking until the master signals them to stop

    • mcv@lemmy.zip · 9 upvotes · 4 hours ago

      A big problem in computer security these days is all-or-nothing security: either you can’t do anything, or you can do everything.

      I have no interest in agentic AI, but if I did, I would want it to have very clearly specified permission to certain folders, processes and APIs. So maybe it could wipe the project directory (which would have a backup of course), but not a complete hard disk.

      And honestly, I want that level of granularity for everything.

    • utopiah@lemmy.world · 5 upvotes · 43 minutes ago

      > The user can choose whether the AI can run commands on its own or ask first.

      That implies the user understands every single code with every single parameter. That’s impossible even for experienced programmers, here is an example:

      rm *filename

      versus

      rm * filename

      where a single character makes the entire difference between deleting all files ending with filename rather than all files in the current directory and also the file named filename.

      Of course here you will spot it because you’ve been primed for it. In a normal workflow, with pressure, then it’s totally different.

      Also IMHO more importantly, if you watch the video at ~7min, they clarified they expected the “agent” to stick to the project directory, not to be able to go “out” of it. They were obviously painfully wrong but it would have been a reasonable assumption.
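
Added example, not part of any comment in this thread: a pre-execution check of the kind the comments above ask for, which expands a proposed `rm` command the way the shell would and reports every path it would delete and which of those fall outside the project directory. The function names, the file tree and the three sample commands are constructed for illustration; only plain `rm` with unquoted globs is modelled.

```python
import glob
import os
import shlex
import tempfile

def rm_targets(command, cwd):
    """Expand a plain `rm` command line roughly as the shell would in cwd.

    Simplified: quoted globs, braces and variables are not modelled.
    """
    argv = shlex.split(command)
    if not argv or argv[0] != "rm":
        raise ValueError("only plain rm commands are handled")
    targets = []
    for arg in argv[1:]:
        if arg.startswith("-"):
            continue  # option, not a file operand
        path = os.path.join(cwd, arg)
        matches = sorted(glob.glob(path)) if any(c in arg for c in "*?[") else []
        # An unmatched pattern (or a plain name) reaches rm literally.
        for m in matches or [path]:
            real = os.path.realpath(m)
            if real not in targets:
                targets.append(real)
    return targets

def review(command, cwd, project_root):
    """Return (targets, outside): all paths rm would touch, and those escaping the root."""
    root = os.path.realpath(project_root)
    targets = rm_targets(command, cwd)
    outside = [t for t in targets if os.path.commonpath([root, t]) != root]
    return targets, outside

def demo():
    """Build a constructed project tree and review three proposed commands."""
    base = os.path.realpath(tempfile.mkdtemp())
    project = os.path.join(base, "project")
    os.makedirs(project)
    for name in ("main.c", "notes.txt", "old_filename", "filename"):
        open(os.path.join(project, name), "w").close()
    open(os.path.join(base, "outside.txt"), "w").close()
    results = {}
    for cmd in ("rm *filename", "rm * filename", "rm -f ../outside.txt"):
        targets, outside = review(cmd, project, project)
        results[cmd] = ([os.path.relpath(t, project) for t in targets],
                        [os.path.relpath(t, project) for t in outside])
    return results

if __name__ == "__main__":
    for cmd, (targets, outside) in demo().items():
        print(f"{cmd!r}: deletes {targets}, outside project: {outside}")
```

A check like this only informs an approval prompt; enforcing the boundary still needs an OS-level control such as a container, a dedicated user or a read-only mount.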

      • Jhex@lemmy.world · 3 upvotes · 1 hour ago

        > That implies the user understands every single code with every single parameter. That’s impossible even for experienced programmers

        I wouldn’t say impossible but I would say it completely defeats the purpose of these agentic AIs

        Either I know and understand these commands so well I can safely evaluate them, therefore I really do not need the AI… or, I don’t really know them well and therefore I shouldn’t use the AI

        • utopiah@lemmy.world · 2 upvotes · 43 minutes ago

          Yep. That’s exactly why I tend to never discuss “AI” with people who don’t actually have a PhD in the domain, or at least a degree in CS. It’s nothing against them specifically, it’s only that they are dangerously repeating what they heard during marketing presentations with no ability to criticize it and, in such cases, it can be quite dangerous.

          TL;DR: people who could benefit from it don’t need it, people who would shouldn’t.