Proxies, Sandboxes and Agent Security

5 hours ago
  • #Sandboxing
  • #Credential Proxy
  • #AI Agent Security
  • The author wanted to test if an AI SRE could monitor and manage their homelab using Hermes Agent triggered by alerts.
  • Security concerns were raised about agents running destructive actions or exfiltrating secrets, especially with local models like Gemma4 and Qwen.
  • To protect credentials, a credential injection proxy was implemented to replace fake tokens with real ones, using HTTP_PROXY and custom CA certificates.
  • Proxy implementation faced challenges: Chrome with Playwright didn't honor certs, and some libraries like matrix[nio] didn't support HTTP_PROXY.
  • Alternative solutions were mentioned, including Agent Vault, Kloak (using eBPF), and gVisor-based sandboxes for intercepting network requests.
  • gVisor sandboxes allow intercepting all outgoing requests to create allow/deny lists, with potential integration in Kubernetes and GKE.
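The credential-injection and allow/deny-list bullets above, as an added Python example that is not from the original post or the tools it names: the agent only ever holds a placeholder token, and the proxy's rewrite step substitutes the real secret only when the request is bound for the host that secret belongs to, and only for allow-listed hosts, so a prompt-injected request to any other destination carries the placeholder rather than the secret. The names (Credential, rewrite_request), hostnames and token values are constructed for illustration; the TLS interception that lets the proxy see the headers (HTTP_PROXY plus a custom CA) is assumed and not shown.

```python
"""Rewrite step of a credential-injection egress proxy (constructed example)."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Credential:
    placeholder: str   # what the agent is given, e.g. "FAKE_GH_TOKEN"
    real_value: str    # what the upstream API actually needs
    bound_host: str    # the only host allowed to receive real_value


class PolicyDenied(Exception):
    """Raised when a request must be dropped instead of forwarded."""


def rewrite_request(url: str, headers: dict, creds: list, allow_hosts: set) -> dict:
    """Return headers to forward upstream, or raise PolicyDenied.

    Policy: destination host must be allow-listed; a placeholder may only be
    swapped for the real secret on its bound host, and a placeholder seen in
    the URL or headers of a request to any other host is treated as an
    exfiltration attempt and denied outright.
    """
    host = (urlsplit(url).hostname or "").lower()
    if host not in allow_hosts:
        raise PolicyDenied(f"egress to {host!r} is not allow-listed")

    forwarded = {}
    for name, value in headers.items():
        for cred in creds:
            if cred.placeholder in value or cred.placeholder in url:
                if host != cred.bound_host:
                    # Never inject: the secret would leave for the wrong host.
                    raise PolicyDenied(
                        f"{cred.placeholder} may only be sent to {cred.bound_host}"
                    )
                value = value.replace(cred.placeholder, cred.real_value)
        forwarded[name] = value
    return forwarded


if __name__ == "__main__":
    creds = [Credential("FAKE_GH_TOKEN", "ghp_REAL_SECRET", "api.github.com")]
    allow = {"api.github.com", "matrix.example.org"}
    print(rewrite_request("https://api.github.com/user",
                          {"Authorization": "Bearer FAKE_GH_TOKEN"}, creds, allow))
```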