Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Descriptions Incubator Q&A Meta
Incubator Q&A
Posts Tags Edits
Create Post

Welcome to the staging ground for new communities! Each proposal has a description in the "Descriptions" category and a body of questions and answers in "Incubator Q&A". You can ask questions (and get answers, we hope!) right away, and start new proposals.

How can I give an AI sandboxed file access? Question

+2
−0

I want to give an AI the ability to read, write and manipulate files on my computer, such as with the OpenAI function calling feature. The goal of this is to use the AI to work on a project comprising multiple files, such as developing a modular program.

However, I don't want to give it a free reign over my entire filesystem where it can delete important system files or read confidential data.

How can I limit what files the AI can work with?

ai-tech security guardrails
posted 10 months ago
user card
matthewsnyder‭
128 65 52
History
Why does this post require moderator attention?
You might want to add some details to your flag.
Why should this post be closed?

0 comment threads

1 answer

Score Active Age
+2
−0

One approach would be to containerize AI activity. For example:

  • Create a folder to serve as the AI's workspace
  • Create a Docker container
  • Use bind mounts to mount the workspace to the container
  • When fulfilling the function calls requested by the AI, do so inside the container

The container will not allow access to files which are not mounted. In principle the AI could modify the system files of the container itself, but you can simply delete the container and create a new one.

Note that while containers provide pretty good isolation, it is not foolproof and privilege escalation vulnerabilities have been discovered which allow an attacker to "escape" from the container.

Also, keep in mind that while this protects your filesystem from access by the AI, it does not by itself prevent the AI from accessing network resources.

A more robust way to limit the AI's file access would be to do so at the application layer, by checking the path of the file against a white/black list before even attempting to execute the function. This requires more explicit implementation of access rules and modifying the code of your application, however it gives you more control over the restrictions imposed.

When the AI attempts to access a forbidden file path, you can return a generic English error message like "Access forbidden by user". LLMs seems able to interpret this and proceed logically.

posted 10 months ago
user card
matthewsnyder‭
128 65 52
History
Why does this post require moderator attention?
You might want to add some details to your flag.

1 comment thread

Interested in background info on how this duplicate answer occurred (5 comments)

Sign up to answer this question »