You know there is no such thing as the world police or something of that sort.
If the perpetrator is in another country / jurisdiction it is virtually impossible to prosecute let alone sentence.
It is 100% a regulatory problem in this case. You just cannot allow this content to be generated and distributed in the public domain by anonymous users. It has nothing to do with free speech but with civility and common understanding of what is morally wrong / right.
Obviously you cannot prevent this in private forums unless it is made illegal which is a completely different problem that requires a very different solution.
We recently built our own sandbox environment backed by firecracker and go. It works great.
For data residency, i.e. making sure the service is EU bound, there is basically no other way. We can move the service anywhere we can get hardware virtualisation.
As for the situation with credentials, our method is to generate CLIs on the fly and expose them to the LLMs and then they can shell script them whichever way they want. The CLIs only contain scoped credentials to our API which handles oauth and other forms of authentication transparently. The agent does not need to know anything about this. All they know is that they can do
$ some-skillset search-gmail-messages -q "emails from Adrian"
In our own experiments we find that this approach works better and it just makes sense given most of the latest models are trained as coding assistants. They just love bash, so give them the tools.
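The scoped-credential idea from the comment above, as an added example that is not the commenter's code. It assumes an HMAC-signed token format, a hypothetical second command name `send-gmail-message`, and command names that contain neither `,` nor `|`; the generated CLI carries only this token, and the API checks it before touching any real OAuth credential.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// sign returns the base64url HMAC-SHA256 of payload under the API's key.
func sign(key []byte, payload string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Mint builds the credential baked into a generated CLI: allowed commands plus expiry, no OAuth secret.
func Mint(key []byte, scopes []string, exp time.Time) string {
	payload := strings.Join(scopes, ",") + "|" + strconv.FormatInt(exp.Unix(), 10)
	return base64.RawURLEncoding.EncodeToString([]byte(payload)) + "." + sign(key, payload)
}

// Authorize runs on the API side before the real OAuth token is used upstream.
func Authorize(key []byte, token, command string, now time.Time) error {
	enc, sig, ok := strings.Cut(token, ".")
	raw, err := base64.RawURLEncoding.DecodeString(enc)
	if !ok || err != nil || !hmac.Equal([]byte(sig), []byte(sign(key, string(raw)))) {
		return fmt.Errorf("bad signature")
	}
	scopes, expStr, _ := strings.Cut(string(raw), "|")
	exp, err := strconv.ParseInt(expStr, 10, 64)
	if err != nil || now.Unix() >= exp {
		return fmt.Errorf("expired")
	}
	for _, s := range strings.Split(scopes, ",") {
		if s == command {
			return nil
		}
	}
	return fmt.Errorf("command not in scope")
}

func main() {
	key, now := []byte("constructed-demo-key"), time.Unix(1700000000, 0) // constructed sample values
	tok := Mint(key, []string{"search-gmail-messages"}, now.Add(10*time.Minute))
	fmt.Println(Authorize(key, tok, "search-gmail-messages", now), Authorize(key, tok, "send-gmail-message", now))
}
```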
I was one of the naysayers but right now I am convinced.
That being said, it still requires some engineering background to come up with interesting ideas and solutions with the help of LLMs but even that might be replaced.
I get the feeling you haven’t done much government consulting. The bill has nothing to do with the actual work; it’s meetings with stakeholder after stakeholder, then coming out with a plan that will please everyone.
Using sandboxes makes a lot of sense nowadays, but this is nowhere near the prod sandboxes the market has, they have a lot of work and optimizations going on! But yeah, it's a little fun side project! Thanks for the compliments :)
Noticed the same. Doing a quick analysis of clawdbot myself I figured there are many spam domains that are used to backlink. Now there is a new domain being advertised as a replacement of the original. It points to the same landing page though it is hard to say if this comes from the original authors. All of it seems to be related to a crypto scheme. The astroturfing on reddit is also pretty bad.
This is obviously a blip in the grand scheme of things but it is just an indication of what all of these social media platforms are destined to become without some sort of intervention.
Fwiw the new 'moltbot' (molt.bot) is the legit one and can be verified on the official github repo which has had its org changed and loads here: https://github.com/moltbot/moltbot (the original redirects for some added reassurance).
My understanding is it was a very quick rebrand due to Anthropic sending a takedown notice so there's still references to the old name.
molt.bot is connected to the same spam network - growing number of backlinks and reddit shilling just in the past 24 hours.
I saw at least 2-3 security reports as well pointing to various critical vulnerabilities.
Looked at the source as well - it makes zero sense. A lot of random commits. I suspect it would be trivial to introduce a backdoor the way this project is managed.
I would likely not touch the product because of the implications of providing an LLM full system access. With the pump-and-dump coin chumps, it's possible they use the carapace of software as a hype-vehicle with no relation to the dev.