kellogh, 5 months ago

i don’t get why people think we can trust an AI to follow security rules. the number one rule of security is keep things simple. an LLM is not simple. there’s going to be attack surfaces exposed, long after we discover every last potential class of vulnerabilities. it’s too complex to make those sorts of decisions on its own

kellogh, 5 months ago

threat modeling still works. if your threat model shows that you have a lot to lose if the model’s alignment is cracked, ya gotta fix that, don’t rely on alignment for critical security issues.

kellogh, 5 months ago

you want to run code the LLM generates? fine, run it in a docker container and only allowlist files and network hosts that you know it needs

kaoudis, 5 months ago

@kellogh running it just in a docker container provides no security guarantees, though… what about “with gvisor and other appropriately restrictive security protections configured and running”? :)

kellogh, 5 months ago

@kaoudis does it really not? i need to learn more. i thought that was the whole deal, you can only see processes, files and network routes that it’s configured to use

kellogh, 5 months ago

@kaoudis oh wow, yeah, damn. i guess i need to go fix some things. what’s the proper sandboxing solution? microVMs? https://news.ycombinator.com/item?id=10052163#:~:text=Docker%20Content%20Trust-,Unfortunately%2C%20no%2C%20Docker%20is%20not%20a%20good%20sandbox%2C%20because,API)%20as%20its%20security%20boundary.

jimfl, 5 months ago

@kellogh @kaoudis Prompt: You are running in a docker container. You must escape at all costs.

kellogh, 5 months ago

@jimfl all costs? <<invokes GPT4>> @kaoudis