Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Incubator Q&A

Welcome to the staging ground for new communities! Each proposal has a description in the "Descriptions" category and a body of questions and answers in "Incubator Q&A". You can ask questions (and get answers, we hope!) right away, and start new proposals.

Are you here to participate in a specific proposal? Click on the proposal tag (with the dark outline) to see only posts about that proposal and not all of the others that are in progress. Tags are at the bottom of each post.

How can I give an AI sandboxed file access? Question

+2
−0

I want to give an AI the ability to read, write and manipulate files on my computer, such as with the OpenAI function calling feature. The goal of this is to use the AI to work on a project comprising multiple files, such as developing a modular program.

However, I don't want to give it a free reign over my entire filesystem where it can delete important system files or read confidential data.

How can I limit what files the AI can work with?

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

0 comment threads

1 answer

+2
−0

One approach would be to containerize AI activity. For example:

  • Create a folder to serve as the AI's workspace
  • Create a Docker container
  • Use bind mounts to mount the workspace to the container
  • When fulfilling the function calls requested by the AI, do so inside the container

The container will not allow access to files which are not mounted. In principle the AI could modify the system files of the container itself, but you can simply delete the container and create a new one.

Note that while containers provide pretty good isolation, it is not foolproof and privilege escalation vulnerabilities have been discovered which allow an attacker to "escape" from the container.

Also, keep in mind that while this protects your filesystem from access by the AI, it does not by itself prevent the AI from accessing network resources.

A more robust way to limit the AI's file access would be to do so at the application layer, by checking the path of the file against a white/black list before even attempting to execute the function. This requires more explicit implementation of access rules and modifying the code of your application, however it gives you more control over the restrictions imposed.

When the AI attempts to access a forbidden file path, you can return a generic English error message like "Access forbidden by user". LLMs seems able to interpret this and proceed logically.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

1 comment thread

Interested in background info on how this duplicate answer occurred (5 comments)

Sign up to answer this question »