Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Descriptions Incubator Q&A Meta
Incubator Q&A
Posts Tags Edits
Create Post

Welcome to the staging ground for new communities! Each proposal has a description in the "Descriptions" category and a body of questions and answers in "Incubator Q&A". You can ask questions (and get answers, we hope!) right away, and start new proposals.

Are you here to participate in a specific proposal? Click on the proposal tag (with the dark outline) to see only posts about that proposal and not all of the others that are in progress. Tags are at the bottom of each post.

Post History

66%
+2 −0
Incubator Q&A How can I give an AI sandboxed file access?

One approach would be to containerize AI activity. For example: Create a folder to serve as the AI's workspace Create a Docker container Use bind mounts to mount the workspace to the container...

posted 1y ago by matthewsnyder‭

Answer
#1: Initial revision by user avatar matthewsnyder‭ · 2023-07-29T21:05:49Z (over 1 year ago) 
One approach would be to containerize AI activity. For example:

* Create a folder to serve as the AI's workspace
* Create a Docker container
* Use bind mounts to mount the workspace to the container
* When fulfilling the function calls requested by the AI, do so inside the container

The container will not allow access to files which are not mounted. In principle the AI could modify the system files of the container itself, but you can simply delete the container and create a new one.

Note that while containers provide pretty good isolation, it is not foolproof and privilege escalation vulnerabilities have been discovered which allow an attacker to "escape" from the container.

Also, keep in mind that while this protects your filesystem from access by the AI, it does not by itself prevent the AI from accessing network resources.

A more robust way to limit the AI's file access would be to do so at the application layer, by checking the path of the file against a white/black list before even attempting to execute the function. This requires more explicit implementation of access rules and modifying the code of your application, however it gives you more control over the restrictions imposed.

When the AI attempts to access a forbidden file path, you can return a generic English error message like "Access forbidden by user". LLMs seems able to interpret this and proceed logically.