Ask HN: Could LLMs be used for sandboxing programs?

1 points by ekns 3 years ago · 2 comments · 1 min read


Today I was thinking that for many programs, you could probably formulate some restrictions on what exactly they should be able to do using LLMs (access home/dotfiles/secrets, network, etc.)

It's cumbersome to set up the configuration for exactly the "expected" capabilities (at least I never bother). So I was wondering, could one do something like trapping syscalls and using an LLM as an exception handler for each category, until a complete profile is built for the program? After that, there should be no overhead for the LLM/sandboxer.

The top-level input would be something like "foo is a multiplayer game" or "baz is like youtube-dl".

al2o3cr 3 years ago

What happens when a malicious program figures out the syscall-pattern equivalent of a "pretend I'm a hypervisor" prompt?

  • compressedgas 3 years ago

    You wouldn't be having the LLM be a security monitor. Rather the LLM would be used as an aide to generate the policy which already existing enforcement mechanisms would enforce.
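
An added sketch of the workflow discussed in this thread, not code from any participant: traced syscalls are grouped into categories, an advisor is consulted once per new category while the profile is built, and the finished profile is then checked statically. The trace lines, category names and `stub_advisor` (a fixed table standing in for the LLM call) are all assumptions made for illustration.

```python
import re

# Constructed strace-style lines for a hypothetical program "foo"; not real output.
TRACE = [
    'openat(AT_FDCWD, "/usr/lib/libc.so.6", O_RDONLY) = 3',
    'openat(AT_FDCWD, "/home/u/.config/foo/settings", O_RDONLY) = 4',
    'connect(5, {sa_family=AF_INET, sin_port=htons(443)}, 16) = 0',
    'openat(AT_FDCWD, "/home/u/.ssh/id_ed25519", O_RDONLY) = 6',
    'connect(7, {sa_family=AF_INET, sin_port=htons(443)}, 16) = 0',
    'openat(AT_FDCWD, "/home/u/.aws/credentials", O_RDONLY) = 8',
]
SECRET_DIRS = (".ssh/", ".aws/", ".gnupg/")  # assumed list of secret locations

def categorize(line):
    """Map one traced syscall to a coarse capability category."""
    m = re.match(r'(\w+)\(', line)
    name = m.group(1) if m else "unknown"
    if name == "connect":
        return "network"
    if name in ("open", "openat"):
        path = re.search(r'"([^"]*)"', line)
        p = path.group(1) if path else ""
        if any(d in p for d in SECRET_DIRS):
            return "secrets"
        if "/home/" in p:
            return "home"
        return "system-files"
    return "other:" + name

def build_profile(trace, description, advisor):
    """Ask the advisor once per unseen category and cache the verdict.
    Only the category label reaches the advisor, never program-controlled
    strings such as paths."""
    profile, asked = {}, []
    for line in trace:
        cat = categorize(line)
        if cat not in profile:
            profile[cat] = bool(advisor(description, cat))
            asked.append(cat)
    return profile, asked

def enforce(profile, line):
    """Static check, no advisor involved; unknown categories are denied."""
    return profile.get(categorize(line), False)

def stub_advisor(description, category):
    """Placeholder for the LLM call: a fixed table keeps the example deterministic."""
    return category in {"system-files", "home", "network"}
```

Categories the training run never exercised stay denied under `enforce`, so the profile is only as complete as the trace that built it.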
