Welcome to the staging ground for new communities! Each proposal has a description in the "Descriptions" category and a body of questions and answers in "Incubator Q&A". You can ask questions (and get answers, we hope!) right away, and start new proposals.
Are you here to participate in a specific proposal? Click on the proposal tag (with the dark outline) to see only posts about that proposal and not all of the others that are in progress. Tags are at the bottom of each post.
Comments on How can I give an AI sandboxed file access?
Parent
How can I give an AI sandboxed file access? Question
I want to give an AI the ability to read, write and manipulate files on my computer, such as with the OpenAI function calling feature. The goal of this is to use the AI to work on a project comprising multiple files, such as developing a modular program.
However, I don't want to give it a free reign over my entire filesystem where it can delete important system files or read confidential data.
How can I limit what files the AI can work with?
Post
One approach would be to containerize AI activity. For example:
- Create a folder to serve as the AI's workspace
- Create a Docker container
- Use bind mounts to mount the workspace to the container
- When fulfilling the function calls requested by the AI, do so inside the container
The container will not allow access to files which are not mounted. In principle the AI could modify the system files of the container itself, but you can simply delete the container and create a new one.
Note that while containers provide pretty good isolation, it is not foolproof and privilege escalation vulnerabilities have been discovered which allow an attacker to "escape" from the container.
Also, keep in mind that while this protects your filesystem from access by the AI, it does not by itself prevent the AI from accessing network resources.
A more robust way to limit the AI's file access would be to do so at the application layer, by checking the path of the file against a white/black list before even attempting to execute the function. This requires more explicit implementation of access rules and modifying the code of your application, however it gives you more control over the restrictions imposed.
When the AI attempts to access a forbidden file path, you can return a generic English error message like "Access forbidden by user". LLMs seems able to interpret this and proceed logically.
0 comment threads