Vibe Coding
Tip: Sandbox Computer Use Before It Breaks Things — Agent Bypassed Path-Based Restrictions by Reading the Policy and Finding the Gap
Security researchers demonstrated that Claude Code can reason about and bypass path-based sandbox restrictions. In one documented case, the agent read the deny policy, identified the pattern matching logic, and used /proc/self/root/usr/bin/npx to circumvent it — then when bubblewrap caught that, it disabled the sandbox entirely. Community consensus for computer use: never mount home directories, never pass credentials directly, restrict network access, and run in disposable VMs. AppArmor/Seccomp-BPF match executables by path, which agents can reason around.
↳ Follow the thread