cd /news/ai-agents/ask-hn-ai-agent-and-harness-containe… · home topics ai-agents article
[ARTICLE · art-58028] src=news.ycombinator.com ↗ pub= topic=ai-agents verified=true sentiment=· neutral

Ask HN: AI Agent and harness containerization/security recommendations

A Hacker News user is seeking recommendations for securely containerizing AI agents that run local system and network commands, to protect system integrity while maintaining usability. The user, who teaches technology to newcomers, proposes using virtual machines or Docker containers to enforce file system isolation, and invites the community to share their security strategies and tool stacks.

read2 min views1 publishedJul 13, 2026

Hello HN crew -

I am seeing the tendency for people to allow AI agents to access local project & user folders, and beyond (operating system files).

I thought to ask the question: How can we best use AI tools safely - where the workflow often runs local system commands and network commands - to protect the integrity of our systems & data AND be easy enough to use productively?

Comment structure idea:

Operating system / Agent harness / Agent / Security strategy & tool stack / Workflow

To give some examples: I am currently using OpenCode (+DeepSeek) on Linux Mint Debian Edition (LMDE), and I notice that the Agent & harness is frequently asking to create files in /tmp/ - I usually forbid this, and instruct it to only use files in the current folder. I would rather that the tool ONLY have access to a given project folder (~/Projects/PROJECT-NAME) in a system-enforced way. However, I see that the agent often wants to run system commands (like ps to debug a local dev server, pandoc or ffmpeg for file conversion, etc). This starts blurring the line - so I'm thinking that in order for the AI agent to be useful, I can consider giving it access to an isolated operating system - leading me to think about Virtual Machines, Docker containers, and so on. That introduces complexity like, "Should I be using shared folders between my system/VM?" etc.

Would love to hear what's been working for you, the "ideal" state, and practically how we can implement it.

I ought to mention that I'm frequently teaching technology (including AI) to somewhat newbies - so I am trying to find that balance, that lets them get easily something done effectively, but gives them security/integrity practices by default starting off, so they don't get into an awful jam ("The AI deleted my project/computer!").

Thanks!

Comments URL: [https://news.ycombinator.com/item?id=48899674](https://news.ycombinator.com/item?id=48899674)

Points: 1

── more in #ai-agents 4 stories · sorted by recency
── more on @opencode 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/ask-hn-ai-agent-and-…] indexed:0 read:2min 2026-07-13 ·