Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can configure a network allow-list (for anything beyond what it absolutely requires in order to function).

yoloAI is just leveraging the sandboxing functionality that Docker, Kata, firecracker etc already provides.



sorry. At this point it's just a meme how people give llms open access to internet, literally all passwords and all tokens and then they are actually surprised when something bad happens "but I run it in docker"

even if docker sandbox escapes didn't exist it's just chef's kiss


Yup, very irresponsible. And then the horror stories.

    yoloai new --network-isolated ...
ONLY agent API traffic allowed. Everything else gets blocked by iptables.

    yoloai new --network-allow api.example.com --network-allow cdn.example.org ...
ONLY agent API traffic + api.example.com and cdn.example.org. Everything else blocked by iptables.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: