Hacker News | gneray's comments

This is cool! How, if at all, are you thinking about sequences of permissions in a given session? Like, ratcheting down the permissions, e.g., after reading a secret?


Everyone here firing shots at this guy should try holding their tongues.

You/we are all susceptible to this sort of thing, and I call BS on anyone who says they check every little thing their agent does with the same level of scrutiny as they would if they were doing it manually.


Most of us are not using agents to deploy infra to production to begin with?


I'm not susceptible to it because I am not foolish or lazy enough to give the clanker access to my command line. Anyone who does that is begging for trouble and I'm not gonna have much sympathy when they get bitten.


Everyone, even the people who saw the inevitability of this and didn't succumb to offloading their thinking to agents?

They don't even deserve a lot of credit because of how obvious consequences like these would be.


> You/we are all susceptible to this sort of thing, and I call BS on anyone who says they check every little thing their agent does with the same level of scrutiny as they would if they were doing it manually.

Why? I do that. I give it broad permissions but I also give it very specific instructions, especially when it's about deleting resources. I work in small chunks and review before committing, and I push before starting another iteration (so that if something goes wrong, I have a good state I can easily restore).

I'm the one with the brain. The LLM can regurgitate a ton of plumbing and save days of sifting through libraries, but it'll still get something wrong because at the core it's still a probabilistic output generator. No matter how good it becomes, it still cannot judge whether it's doing something a human will immediately spot as "stupid".

Interacting with and fixing API calls automatically is something that normally works for me, but allowing the agent to run a terraform destroy is something I'd have never let it execute, I'd have been very specific about that.


This is satire, right? The real lesson we learned is to actually learn how your infrastructure works and don't blindly run destructive commands in prod, AI or otherwise, right?


SRE here, why would you let your AI run "tofu plan" for you vs doing it on your own?

This is an example of someone who has let AI do too much of their "thinking" for them and it's led to brain rot.


Having the agent autonomously perform the plan stage is fine; that’s not destructive. It’s the blind application stage without human validation or other safety checks that is the problem.


I mean, apply is not destructive without a human in the loop if you don't pass in -auto-approve.

In any case, I think spending a few seconds typing into your terminal and getting yourself in human review mode is a mindset improvement if it's not 100% speed optimal.


Agents are perfectly capable of responding to confirmation prompts. The auto approve flag requirement won’t stop a determined agent if it concludes that’s what the principal desires.


This ^^

There's a set of common needs across these gateways, and everyone is building their own proxies and reinventing the wheel, which just feels unnecessary.

~All of our customers at Oso (the launch partner in the article) have been asking us how to get a handle on this stuff...bc their CEO/board/whatever is asking them. So to us it was a no-brainer. (We're also Tailscale customers.)


Love to see it!


> yield to a tech CEO from San Francisco

ahem, he's from Utah duh bro


I've been doing this for a year or two. Love it, but haven't made it a thing across my team...and I'm not sure they love it as much as I do :P


> But first, before we get into Gas Town’s operation, I need to get rid of you real quick.

WARNING DANGER CAUTION GET THE F** OUT YOU WILL DIE

I have never met Steve, but this warning alone is :chefskiss:


reminds me of this warning from Dante in the YARP documentation: https://www.yarp.it/latest/warning.html.


Yes we've implemented this at Oso.


What a dumpster fire


Say what you will -- East River Source Control is a great name

