Part of me is always unnerved when I see people running claude --dangerously-skip-permissions or codex --yolo to give them unfettered ability to run commands on their machine. Admittedly, I do usually hit approve when I’m asked about a specific command, so I certainly understand the temptation to just avoid all that fuss and do a blanket approval. With the next generation of apps that people are building to control everything on your computer via some AI chat interface, it feels perhaps even scarier.

The problem is, modern desktop operating systems are not really designed for strong security boundaries between different things running on your machine. Sure, there are some protections like “you can’t record the screen without the user granting explicit permission”, but if you want AI to be able to take actions on your computer then you need to turn most of this stuff on. Different user accounts act as a security boundary but in practice everyone does all their work under a single user account. There’s no good way to say “allow access to everything on my computer, except for my password manager, my bank, my ~/.aws/credentials file, and the API keys I left in my environment variables”.

Especially with Simon Willison’s lethal trifecta, you don’t really want to be giving access to these things, even if most of the time, nothing bad happens. Barring a major rearchitecture (which maybe Apple and Microsoft are working on), it’s too hard in practice to grant access to your whole laptop and know exactly what things the AI has access to and feel confident that there’s nothing too sensitive. (I do appreciate Codex’s clever default of running commands in sandboxes that can’t communicate over the network or write files outside the repo directory.)

There are two promising solutions here. Cloud environments (and VMs in general) are one.
A bit more annoying to set up but you also get the bonus of reproducibility across a team, being able to run multiple sessions in parallel, and eas...
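
An added example, not code from the original post: a pre-flight check that lists what any process started under your account, such as an agent given blanket approval, would inherit from the environment and home directory. The name patterns and every path other than ~/.aws/credentials are assumptions chosen for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Heuristic (assumption): names containing these words usually hold secrets.
SECRET_NAME = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL)", re.I)

# ~/.aws/credentials is the file the post names; the rest are illustrative.
CREDENTIAL_PATHS = (".aws/credentials", ".ssh/id_ed25519", ".ssh/id_rsa", ".netrc")


def secret_env_names(env):
    """Names (never values) of secret-looking variables a child would inherit."""
    return sorted(name for name in env if SECRET_NAME.search(name))


def readable_credential_files(home):
    """Credential files under `home` that the current user can read."""
    home = Path(home)
    return [rel for rel in CREDENTIAL_PATHS
            if (home / rel).is_file() and os.access(home / rel, os.R_OK)]


def scrubbed_env(env):
    """Copy of `env` with secret-looking variables removed."""
    return {k: v for k, v in env.items() if not SECRET_NAME.search(k)}


def report(env, home):
    """Print names only, never values, and return both lists."""
    names = secret_env_names(env)
    files = readable_credential_files(home)
    print(f"{len(names)} secret-looking variables: {', '.join(names) or 'none'}")
    print(f"{len(files)} readable credential files: {', '.join(files) or 'none'}")
    return names, files


if __name__ == "__main__":
    # Constructed sample so the output is the same on any machine.
    sample_env = {"PATH": "/usr/bin", "OPENAI_API_KEY": "constructed", "EDITOR": "vi"}
    with tempfile.TemporaryDirectory() as home:
        creds = Path(home, ".aws", "credentials")
        creds.parent.mkdir()
        creds.write_text("[default]\n# constructed placeholder\n")
        report(sample_env, home)
        print("kept after scrubbing:", sorted(scrubbed_env(sample_env)))
    # On a real machine: report(dict(os.environ), Path.home())
```

Scrubbing the environment only covers variables; the credential files stay readable to anything running as the same user, which is the gap the post describes.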
First seen: 2025-09-09 23:05
Last seen: 2025-09-09 23:05