Ask HN: AI Agent and harness containerization/security recommendations A Hacker News user is seeking recommendations for securely containerizing AI agents that run local system and network commands, to protect system integrity while maintaining usability. The user, who teaches technology to newcomers, proposes using virtual machines or Docker containers to enforce file system isolation, and invites the community to share their security strategies and tool stacks. Hello HN crew - I am seeing the tendency for people to allow AI agents to access local project & user folders, and beyond operating system files . I thought to ask the question: How can we best use AI tools safely - where the workflow often runs local system commands and network commands - to protect the integrity of our systems & data AND be easy enough to use productively? Comment structure idea: Operating system / Agent harness / Agent / Security strategy & tool stack / Workflow To give some examples: I am currently using OpenCode +DeepSeek on Linux Mint Debian Edition LMDE , and I notice that the Agent & harness is frequently asking to create files in /tmp/ - I usually forbid this, and instruct it to only use files in the current folder. I would rather that the tool ONLY have access to a given project folder ~/Projects/PROJECT-NAME in a system-enforced way. However, I see that the agent often wants to run system commands like ps to debug a local dev server, pandoc or ffmpeg for file conversion, etc . This starts blurring the line - so I'm thinking that in order for the AI agent to be useful, I can consider giving it access to an isolated operating system - leading me to think about Virtual Machines, Docker containers, and so on. That introduces complexity like, "Should I be using shared folders between my system/VM?" etc. Would love to hear what's been working for you, the "ideal" state, and practically how we can implement it. I ought to mention that I'm frequently teaching technology including AI to somewhat newbies - so I am trying to find that balance, that lets them get easily something done effectively, but gives them security/integrity practices by default starting off, so they don't get into an awful jam "The AI deleted my project/computer " . Thanks Comments URL: https://news.ycombinator.com/item?id=48899674 https://news.ycombinator.com/item?id=48899674 Points: 1 Comments: 0