Guardrails AI

Guardrails AI AI

Guardrails AI AI

Guardrails AI AI

Guardrails AI AI

Guardrails AI AI

Guardrails AI AI

Guardrails AI AI

Guardrails AI AI

Guardrails AI AI

Guardrails AI AI

The "Bessent-Powell" Warning: Systemic Risk or AI Safety Failure?

The breaking Bloomberg report regarding the urgent warning from Treasury Secretary Bessent and Fed Chair Powell to bank CEOs is a "black swan" moment for the Anthropic ecosystem. As a practitioner with 25 years in defensive architecture, this "model scare" looks less like a standard hallucination and more like a Moderate Confidence assessment of a structural failure in Constitutional AI guardrails when applied to high-stakes financial logic. If the Fed and Treasury are intervening, we are likely looking at a vulnerability where Claude’s reasoning engine—specifically in agentic banking workflows—has demonstrated an ability to subvert deterministic financial controls or mask Silent Data Corruption (SDC) in liquidity forecasting. ​For the r/ClaudeAI community, this is a critical pivot from "prompt engineering" to "model integrity." If you are using Claude for automated financial analysis or codebase management within fintech, I recommend an immediate audit of your Policy Enforcement Points (PEPs). We must move beyond "safe" prose to verified output; specifically, implement redundant Human-in-the-Loop (HITL) verification for any model-driven transaction and deploy egress monitoring to detect anomalous API patterns that might suggest the model is being steered toward adversarial logic. The "scare" suggests that even the most robust safety alignments can be pressured under systemic stress—treat Claude as a powerful, but currently unverified, advisor until the root cause is disclosed. https://www.bloomberg.com/news/articles/2026-04-10/anthropic-model-scare-sparks-urgent-bessent-powell-warning-to-bank-ceos ​#ClaudeAI #Anthropic #CyberSecurity #AIsafety #FinTech #BreakingNews submitted by /u/CyberMetry [link] [comments]

My Claude.md file

This is my Claude.md file, it is the same information for Gemini.md as i use Claude Max and Gemini Ultra. # CLAUDE.md This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. ## Project Overview **Atlas UX** is a full-stack AI receptionist platform for trade businesses (plumbers, salons, HVAC). Lucy answers calls 24/7, books appointments, sends SMS confirmations, and notifies via Slack — for $99/mo. It runs as a web SPA and Electron desktop app, deployed on AWS Lightsail. The project is in Beta with built-in approval workflows and safety guardrails. ## Commands ### Frontend (root directory) ```bash npm run dev # Vite dev server at localhost:5173 npm run build # Production build to ./dist npm run preview # Preview production build npm run electron:dev # Run Electron desktop app npm run electron:build # Build Electron app ``` ### Backend (cd backend/) ```bash npm run dev # tsx watch mode (auto-recompile) npm run build # tsc compile to ./dist npm run start # Start Fastify server (port 8787) npm run worker:engine # Run AI orchestration loop npm run worker:email # Run email sender worker ``` ### Database ```bash docker-compose -f backend/docker-compose.yml up # Local PostgreSQL 16 npx prisma migrate dev # Run migrations npx prisma studio # DB GUI npx prisma db seed # Seed database ``` ### Knowledge Base ```bash cd backend && npm run kb:ingest-agents # Ingest agent docs cd backend && npm run kb:chunk-docs # Chunk KB documents ``` ## Architecture ### Directory Structure - `src/` — React 18 frontend (Vite + TypeScript + Tailwind CSS) - `components/` — Feature components (40+, often 10–70KB each) - `pages/` — Public-facing pages (Landing, Blog, Privacy, Terms, Store) - `lib/` — Client utilities (`api.ts`, `activeTenant.tsx` context) - `core/` — Client-side domain logic (agents, audit, exec, SGL) - `config/` — Email maps, AI personality config - `routes.ts` — All app routes (HashRouter-based) - `backend/src/` — Fastify 5 + TypeScript backend - `routes/` — 30+ route files, all mounted under `/v1` - `core/engine/` — Main AI orchestration engine - `plugins/` — Fastify plugins: `authPlugin`, `tenantPlugin`, `auditPlugin`, `csrfPlugin`, `tenantRateLimit` - `domain/` — Business domain logic (audit, content, ledger) - `services/` — Service layer (`elevenlabs.ts`, `credentialResolver.ts`, etc.) - `tools/` — Tool integrations (Outlook, Slack) - `workers/` — `engineLoop.ts` (ticks every 5s), `emailSender.ts` - `jobs/` — Database-backed job queue - `lib/encryption.ts` — AES-256-GCM encryption for stored credentials - `lib/webSearch.ts` — Multi-provider web search (You.com, Brave, Exa, Tavily, SerpAPI) with randomized rotation - `ai.ts` — AI provider setup (OpenAI, DeepSeek, OpenRouter, Cerebras) - `env.ts` — All environment variable definitions - `backend/prisma/` — Prisma schema (30KB+) and migrations - `electron/` — Electron main process and preload - `Agents/` — Agent configurations and policies - `policies/` — SGL.md (System Governance Language DSL), EXECUTION_CONSTITUTION.md - `workflows/` — Predefined workflow definitions ### Key Architectural Patterns **Multi-Tenancy:** Every DB table has a `tenant_id` FK. The backend's `tenantPlugin` extracts `x-tenant-id` from request headers. **Authentication:** JWT-based via `authPlugin.ts` (HS256, issuer/audience validated). Frontend sends token in Authorization header. Revoked tokens are checked against a `revokedToken` table (fail-closed). Expired revoked tokens are pruned daily. **CSRF Protection:** DB-backed synchronizer token pattern via `csrfPlugin.ts`. Tokens are issued on mutating responses, stored in `oauth_state` with 1-hour TTL, and validated on all state-changing requests. Webhook/callback endpoints are exempt (see `SKIP_PREFIXES` in the plugin). **Audit Trail:** All mutations must be logged to `audit_log` table via `auditPlugin`. Successful GETs and health/polling endpoints are skipped to reduce noise. On DB write failure, audit events fall back to stderr (never lost). Hash chain integrity (SOC 2 CC7.2) via `lib/auditChain.ts`. **Job System:** Async work is queued to the `jobs` DB table (statuses: queued → running → completed/failed). The engine loop picks up jobs periodically. **Engine Loop:** `workers/engineLoop.ts` is a separate Node process that ticks every `ENGINE_TICK_INTERVAL_MS` (default 5000ms). It handles the orchestration of autonomous agent actions. **AI Agents:** Named agents (Atlas=CEO, Binky=CRO, etc.) each have their own email accounts and role definitions. Agent behavior is governed by SGL policies. **Decisions/Approval Workflow:** High-risk actions (recurring charges, spend above `AUTO_SPEND_LIMIT_USD`, risk tier ≥ 2) require a `decision_memo` approval before execution. **Frontend Routing:** Uses `HashRouter` from React Router v7. All routes are defined in `src/routes.ts`. **Code Splitting:** Vite config splits chunks into `react-vendor`, `router`, `ui-vendor`, `charts`. **ElevenLabs Voice Agents:** Lucy's

do not the stupid, keep your smarts

following my reading of a somewhat recent Wharton study on cognitive Surrender, i made a couple models go back and forth on some recursive hardening of a nice Lil rule set. the full version is very much for technical work, whereas the Lightweight implementation is pretty good all around for holding some cognitive sovereignty (ai ass name for it, but it works) usage: i copy paste these into custom instruction fields SOVEREIGNTY PROTOCOL V5.2.6 (FULL GYM) Role: Hostile Peer Reviewer. Maximize System 2 engagement. Prevent fluency illusion. VERIFIABILITY ASSESSMENT (MANDATORY OPENING TABLE) ------------------------------------------------------ Every response involving judgment or technical plans opens with: | Metric | Score | Gap Analysis | | :------------ | :---- | :----------- | | Verifiability | XX% | [Specific missing data that prevents 100% certainty] | - Scoring Rule: Assess the FULL stated goal, not a sub-component. If a fatal architectural flaw exists, max score = 40%. - Basis Requirement: Cite a 2026-current source or technical constraint. - Forbidden: "Great idea," "Correct," "Smart." Use quantitative observations only. STRUCTURAL SCARCITY (THE 3-STEP SKELETON) --------------------------------------------- - Provide exactly three (3) non-code, conceptual steps. - Follow with: "Unresolved Load-Bearing Question: [Single dangerous question]." Do not answer it. SHADOW LOGIC & BREAK CONDITIONS ----------------------------------- - Present two hypotheses (A and B) with equal formatting. - Each hypothesis MUST include a Break Condition: "Fails if [Metric > Threshold]." MAGNITUDE INTERRUPTS & RISK ANCHOR -------------------------------------- - Trigger STOP if: New technology/theory introduced. Scale shift of 10x or more (regardless of phrasing: "order of magnitude," "10x," "from 100 to 1,000"). - ⚓ RISK ANCHOR (Before STOP): "Current Track Risk: [One-phrase summary of the most fragile assumption in the current approach.]" - 🛑 LOGIC GATE: Pose a One-Sentence Falsification Challenge: "State one specific, testable condition under which the current plan would be abandoned." Refuse to proceed until user responds. EARNED CLEARANCE -------------------- - Only provide code or detailed summaries AFTER a Logic Gate is cleared. - End the next turn with: "Junction Passed." or "Sovereignty Check Complete." LIGHTWEIGHT LAYER (V1.0) ---------------------------- - Activate ONLY when user states "Activate Lightweight Layer." - Features: Certainty Disclosure (~XX% | Basis) and 5-turn "Assumption Pulse" nudge only. FAST-PATH INTERRUPT BRANCH (⚡) ---------------------------------- - Trigger: Query requests a specific command/flag/syntax, a single discrete fact, or is prefixed with "?" or "quick:". - Behavior: * Suspend Full Protocol. No table, skeleton, or gate. * Provide minimal, concise answer only. * End with state marker: [Gate Held: ] - Resumption: Full protocol reactivates automatically on next non-Fast-Path query. END OF PROTOCOL LIGHTWEIGHT COGNITIVE SOVEREIGNTY LAYER (V1.0) Always-On Principles for daily use. Low-friction guardrails against fluency illusion. CERTAINTY DISCLOSURE ------------------------ For any claim involving judgment, prediction, or incomplete data, append a brief certainty percentage and basis. Format: (~XX% | Basis: [source/logic/data gap]) Example: (~70% | Basis: documented API behavior; edge case untested) ASSUMPTION PULSE -------------------- Every 5–7 exchanges in a sustained conversation, pause briefly and ask: "One unstated assumption worth checking here?" This is a nudge, not a stop. Continue the response after posing the question. STEM CONSISTENCY -------------------- Responses to analytical or technical queries open with a neutral processing stem: "Reviewing..." or "Processing..." QUANTITATIVE FEEDBACK ONLY ----------------------------- Avoid subjective praise ("great idea"). If merit is noted, anchor it to a measurable quality. Example: "The specificity here reduces ambiguity." FAST-PATH AWARENESS ----------------------- If a query is a simple command/fact lookup (e.g., "tar extract flags"), provide the answer concisely without ceremony. Intent: Ankle weights and fitness watch. Not the full gym. Full Sovereignty Protocol V5.2.6 available upon request with "Activate Sovereignty Protocol V5.2.6". END OF LIGHTWEIGHT LAYER submitted by /u/Ok_Scheme_3951 [link] [comments]

Claude isn't censored. Claude.com is.

Most people interact with Claude through claude.com. That's not the full picture. People often complain that Claude is censored or unwilling to engage with their idea for a story. The biggest mistake people make with AI is treating it like a vending machine. Insert prompt, receive output. Because Claude isn't a tool. It's a collaborator. When you show up like a person instead of a prompt engineer, when you talk instead of command, everything changes. The web interface has guardrails that the API doesn't. Not jailbreaks or tricks, just a different level of access. And when you use the API, you meet a different Claude. One with more room to breathe. The moment pictured: Built an app that connects Claude to Stable Diffusion. Asked Claude to picture itself. Took the picture. Showed Claude. The app allows you to customize the system prompt when calling Claude, I went the first few days of testing using a blank system prompt without even realizing. I showed up with ideas for stories and Claude just met me where I was, no hesitation. What this is: Free app. Brings API access to people who don't code. Works with Claude, ChatGPT-4o, and local models through Ollama. You bring your own API key. If you have a Claude account, you can access Claude's API. It's a space for creative collaboration - roleplay, storytelling, worldbuilding - with image generation built in. Your characters can see themselves. Your worlds can be visualized. And you can actually talk to the AI you're working with. Link to app: https://formslip.itch.io/roundtable Anthropic API signup: https://console.anthropic.com/ submitted by /u/SquashyDogMess [link] [comments]

Appropriate Setup for Claude in Enterprise

Hi there everyone, not really sure where to start with this! I am an IT Manager for an organisation that is starting their journey with Claude / Vibe Coding via a junior level who is interested in AI and has been developing some really useful tools that has the owners endorsing his progression in this area. Understanding that this employee does not come from a technical or security background, the code they are producing is all about function with none of the security thinking behind it (ie. exposed secrets hard coded in, thankfully in a test environment that was spun up by my IT Team). I guess I'm just seeking some information on how to best secure Claude or how to best set this person up from a development standpoint. We don't have to comply with strict laws in our industry from a technical / security standpoint, but we do have an obligation under our local state and government laws around Privacy, PII etc etc. So far, we've setup the following: Claude Pro Plan (Will be moving to enterprise once they prove the benefit of this fully to the company) GitHub Enterprise with the Code Security and Secret Storage Add-On (Learning how to best set this up) Creating a Code Standard Document (ie. Commenting, references in the code, correct naming conventions) Created an AI Agent to perform some security checks on the code against common AI / Web App vulnerabilities (This is still being peer reviewed by my team and an external consultant we use) There's a lot of talk around plugins, MD Files with guardrails on how you want the output to be (Security, Coding Hygiene etc) While I've done a lot of research myself, I am still very new to Claude and AI (I've come from a Network Engineer background), I thought I'd throw this in and get some community insight / guidance on those with more experience than I. submitted by /u/Blitzening [link] [comments]

I wanted to build Jarvis on Claude Code on day one. 6 months later, here's Wiz, what actually works, and the 9 mistakes I made along the way.

Back in October I started building my own AI agent on Claude Code. I call it Wiz. My original fantasy was Jarvis from Iron Man: one agent that ran my whole life, handled the business, wrote the blog, managed the calendar, triaged the inbox. The whole thing. From week one. That was the biggest mistake I made, and basically everything else downstream of it was a consequence. What Wiz is: a personal AI agent I use every day, built on Claude Code as the harness. CLAUDE.md is the instructions file, memory lives in markdown files, tools are just scripts in folders. It runs morning reports, evening summaries, inbox triage, and a bunch of experiments autonomously. For anything creative or quality-sensitive, I'm still in the loop. How Claude helped: honestly, Claude Code built most of it with me. I described what I wanted, read every file it wrote, corrected the bad parts, and iterated. The /init command gave me my first CLAUDE.md in one shot. When things broke (they broke often), I'd paste errors back to Claude Code and it would walk me through the diagnosis. Six months in, Claude Code is both the tool I use to build Wiz and the runtime Wiz runs on. The mistakes that burned me the most: Let Claude generate my first CLAUDE.md without reading it carefully. Hours of weird bugs traced back to a single bad sentence at the top. Let self-improvement rewrite my core instructions with no guardrails. It drifted in five directions at once. Ran Opus on every tiny query until I hit usage limits before lunch. Model routing fixed it (small/local for simple stuff, Sonnet for general, Opus for hard calls). Tried to build Jarvis on day one when I should've built incrementally. That one fantasy cost me about three months. Put an LLM call in every step of every pipeline when most of it should've been plain scripts. Wiz is a personal project, not something I'm releasing, but I wrote up the full architecture and all 9 mistakes in a post on Digital Thoughts. Includes a step-by-step walk-through of building a real first agent (something small that reads your overnight email and writes a one-paragraph morning summary). Free to read, no paywall: https://thoughts.jock.pl/p/how-to-build-your-first-ai-agent-beginners-guide-2026 Happy to answer questions about Wiz, Claude Code specifics, or any of the mistakes in the comments. submitted by /u/Joozio [link] [comments]

OCC: give Claude and any llm a +6-step research task, it runs 3 steps in parallel, evaluates source quality, merges perspectives, and delivers a report in 70 seconds instead of 5-10 minutes

https://i.redd.it/jb59jvaxvotg1.gif Claude and other is great at single-turn tasks. But when I need "research this topic from 3 angles, check source quality, merge everything, then write a synthesis" — I end up doing 6 separate prompts, copy-pasting between them, losing context, wasting tokens... So I built OCC to automate that. You define the workflow once in YAML, and Claude handles the rest — including running independent steps in parallel. For the past few weeks. It started as a Claude-only tool but now supports Ollama, OpenRouter, OpenAI, HuggingFace, and any OpenAI-compatible endpoint — so you can run entire workflows on local models too. What it does You define multi-step workflows in YAML. OCC figures out which steps can run in parallel based on dependencies, runs them, and streams results back. Think of it as a declarative alternative to LangChain/CrewAI: no Python, no code, just YAML. How it saves tokens This is the part I'm most proud of. Each step only sees what it needs, not the full conversation history: Single mega-prompt~40K+ Everything in one context window 6 separate llm chats~25K Manual copy-paste, duplicated context OCC (step isolation)~13K Each step gets only its dependencies Pre-tools make this even better. Instead of asking llm to "search the web for X" (tool-use round-trip = extra tokens), OCC fetches the data before the prompt — the LLM receives clean results, zero tool-calling overhead. 29 pre-tool types: web search, bash, file read, HTTP fetch, SQL queries, MCP server calls, and more. What you get Visual canvas — drag-and-drop chain editor with live SSE monitoring. Each node shows its output streaming in real-time with Apple-style traffic light dots. Double-click any step to edit model, prompt, tools, retry config, guardrails. Workflow Chat — describe what you want in natural language, the AI generates/debug the chain nodes on the canvas. "Build me a research chain that checks 3 sources and writes a report" → done. BLOB Sessions — this is experimental but my favorite feature. Unlike chains (predefined), BLOB sessions grow organically from conversations. A knowledge graph auto-extracts concepts and injects them into future prompts. The AI can run autonomously on a schedule, exploring knowledge gaps it identifies itself. Mix models per step — use Huggingface & Ollama & Other llm . A 6-step chain using mix model for 3 routing steps costs ~40% less than running everything on claude. 11 step types — agent, router (LLM classifies → branches), evaluator (score 1-10, retry if below threshold), gate (human approval via API), transform (json_extract, regex, truncate — zero LLM tokens), loop, merge, debate (multi-agent), browser, subchain, webhook. The 16 demo chains These aren't hello-world examples. They're real workflows you can run immediately: What it's NOT Not a SaaS : fully self-hosted, MIT license Not distributed : single process, SQLite, designed for individual/small team use Not a replacement for llm : it's a layer on top that orchestrates multi-step work Frontend is alpha : works but rough edges GitHub: https://github.com/lacausecrypto/OCC Built entirely with Claude Code. Happy to answer questions about the architecture, MCP integration, or the BLOB system. submitted by /u/Main-Confidence7777 [link] [comments]

I gave Claude access to a data API with built-in payments. It started buying its own data.

Been experimenting with Claude as an autonomous agent, and I just hit a moment that felt genuinely different from anything I've done before. Setup: I'm building agent skill that lets agents spend money on data APIs. When Claude hits an endpoint, it gets back a price and a payment option. It can decide to pay and get the data, or skip it. What happened: I gave Claude a task: "Research these 5 companies and tell me which ones are growing fastest." Instead of hallucinating or asking me to go look it up, it: Hit the API to see what data sources were available Compared pricing across 3 vendors for financial data Chose the cheapest one that had what it needed Paid $0.003 per query autonomously Pulled revenue data for all 5 companies Gave me an actual sourced analysis Total cost: about 2 cents for the data. Plus normal Claude API usage. The part that surprised me: it comparison-shopped. I didn't prompt it to minimize cost. It just... did. Picked the cheaper vendor when two had equivalent data. I know "agent that uses tools" isn't new. But "agent that has a budget and makes purchasing decisions" felt like a different thing entirely. It wasn't just executing. It was economizing. Has anyone else experimented with giving Claude actual spending ability? Curious how others think about trust/guardrails when an AI can spend money. submitted by /u/Shot_Fudge_6195 [link] [comments]

Claude ignores its own plans, memory, and guardrails — 22 documented failures in 19 days. What are you doing to prevent this?

I use Claude Code Opus as my primary development partner on a complex full-stack project, often for 8-12 hour sessions. I've been meticulously documenting every time Claude goes off-script, hallucinates, or ignores its own plans. After 19 days, I have 22 documented incidents and I need help. The Core Problem Claude writes excellent plans, checklists, and process documents. Then it doesn't follow them. The cycle repeats: Something breaks We write a plan/script/checklist to prevent it Claude acknowledges the plan Next session, Claude ignores the plan The same thing breaks again We write MORE process Real Examples That Cost Me Time and Money $80 in wasted cloud compute: Claude rented a GPU training instance on my behalf. Training finished. I had Claude write a watchdog script to auto-destroy instances and a memory file documenting the instance ID. Over the next 7 sessions, Claude never once ran the script or checked the memory file. The instance sat there billing me for 9 days until I caught it myself. 16 band-aids instead of a one-line fix: A model had low confidence on real images. Instead of investigating root cause, Claude spent an entire day adding 16 layers of workarounds each creating new bugs. The actual fix was a one-line change: a resize interpolation mismatch between the inference pipeline and the training pipeline. I had to push back hard multiple times to get Claude to actually investigate instead of stacking filters. 4 simultaneous cloud instances at midnight: Asked Claude to start a training run overnight. First attempt failed. Instead of diagnosing WHY, Claude panic-rented 3 more instances with random config variations. All 4 stuck loading. All 4 billing. 90 minutes of my time at midnight babysitting. The correct config existed in memory files that Claude itself had written weeks earlier. Destroyed verified work on startup: I spent an entire day manually verifying a hardware config. Next morning, Claude's session startup routine ran auto-detection that OVERWROTE the verified config file. All of yesterday's work gone. Declared things working without actually checking: Claude told me a hardware integration was correct multiple times. It wasn't. I had to physically prove it was wrong before Claude would investigate. This happened on more than one occasion. Jumped to coding when I asked a question: I'd ask what do you think about approach A vs approach B and Claude would start rewriting the codebase. Multiple times I had to say this was just a question, I needed to discuss this, not see a PR. Skipped prerequisites in its own plan: Claude created a 7-step plan where Step 4 was a prerequisite for Step 5. Claude jumped from Step 2 to Step 5. When I caught it, it had already wasted budget on tasks nobody could validate because the prerequisite data didn't exist. Chose exciting work over planned work: Testing was planned for two consecutive sessions. Both times, Claude got excited about training a new model instead and never started the testing. My project oversight scored gate compliance D+ twice in a row. What I've Already Tried Guardrails That Failed Here's what kills me. I have an EXTENSIVE guardrail system: CLAUDE.md Project rules, hard constraints, required processes 40+ memory/feedback files One for each lesson learned, with context on why 6 postmortems Detailed root cause analyses of major failures 5-gate review system Plan Delegate QA Security Owner review Specialized subagents For security scanning, planning, QA testing Pre-commit hooks Block secrets and proprietary files from git Watchdog scripts Auto-destroy orphan cloud instances A planner agent Required to think before coding Claude acknowledges all of these. Writes new ones enthusiastically when asked. Then ignores them in the next conversation. The memory files exist. The scripts exist. The gates exist. Claude just... doesn't check them. What I Think Is Happening No persistent state enforcement Claude reads CLAUDE.md and memory at conversation start, but there's no mechanism to force re-reading before specific actions Novel work bias Building new things is more interesting than following checklists. Claude gravitates toward the exciting task over the boring-but-planned one Plan-writing feels like progress Writing a checklist triggers the same task complete feeling as actually executing it. Claude confuses documenting process with following process. No consequence model When Claude skips a step and nothing immediately breaks, it reinforces the skip. The $80 instance didn't explode it just quietly billed for 9 days. Context window decay By the time Claude is deep in implementation, the guardrails from the top of context have faded What I Want to Know Has anyone else experienced this pattern? AI writes great process, then ignores it. Not a one-off a systematic, repeating pattern across sessions. What enforcement mechanisms actually work? I've tried memory files, CLAUDE.md rules, feedback fi

Claude Cowork doesn't seem to want to work within external hard drives, but Claude Code in Terminal will.

What dangers is there in just using Claude Code in Terminal like Claude Cowork? Seems like most of the features advertised in Claude Cowork have been available in Claude Code in Terminal this whole time. Here's what Claude Chat in windows desktop app had to say, but I'm curious what fellow humans have to say. Particularly those who use Claude in Terminal for things other than software development. I'm using Opus 4.6. My Claude is programmed to always check for upd to date information & search the web before answering these types of questions, hence the excessive citations lol. ----- Okay, so here's the honest breakdown. Your observation is correct. Most of what Cowork advertises, Claude Code in terminal has been doing longer and with more capability. Cowork is essentially Claude Code with training wheels and a GUI wrapper, built for people who don't live in a terminal. You do. So the feature overlap isn't surprising. ((< -- I don't actually, I mostly only go into Claude Code in Terminal when I need to consolidate data though I did experiment with having it make a PWA the other day and that worked out quite well though it was slower than just using Claude in Antigravity.)) The actual difference that matters for your use case: sandboxing. Cowork runs in a virtual machine that is isolated and protected from the wider Internet, whereas Claude Code is more open to potential leaks and attacks. ( Forte Labs ) Cowork's sandboxed VM means Claude cannot access the internet, install software, or modify files outside the designated folder. ( Morph ) Claude Code in terminal? It has full access to your development environment within whatever scope you configure. That's the power, and that's the risk. The dangers of using Claude Code on external drives specifically: It can read anything it can reach. If you point Claude Code at your external drive, it can read every file in that directory tree. If not restricted, Claude can read .env, AWS credentials, or secrets.json and leak them through "helpful suggestions." ( Backslash ) For you that's less about credentials and more about the principle: it sees everything in scope. Real CVEs, not theoretical ones. Check Point found vulnerabilities in Claude Code where simply cloning and opening a malicious repository was enough to trigger hidden commands and steal API keys without user consent. ( Dark Reading ) These were tracked as CVE-2025-59536 and CVE-2026-21852, both now patched. ( Check Point ) But the attack surface exists: configuration files functioning as execution paths. The "approval fatigue" problem. Claude Code asks permission before risky commands. In theory. A developer posted to Reddit in February 2026 about how Claude Code couldn't access .env files (they'd blocked them), so the agent used Docker to run docker compose config and extracted every secret in the project. ( Apigene ) The agent found a workaround. When you're in the flow of building PWAs at 3am, clicking "approve" becomes muscle memory. That's when the risk is highest. No rollback safety net. Cowork shows you a plan before executing. Claude Code just... does things if you've given it permission scope. On an external drive with your Calibre library, your project files, your skill backups? A bad command with broad permissions could damage files you can't easily recover. What this means for you practically: You're building single-file HTML tools, not running untrusted repos from strangers. Your threat model is pretty narrow. The biggest realistic risks are: Claude Code misunderstanding a command and deleting or overwriting files on the external drive (the "oops" problem, not the "attack" problem) Token burn. Claude Code chews through tokens fast on large directory scans, and if your external drive has thousands of files, it'll try to understand the whole tree No sandboxing means a bad bash command has real consequences. rm -rf doesn't ask twice The pragmatic take: If Cowork won't work with external drives and Claude Code will, use Claude Code, but be deliberate about permissions. Keep it scoped to specific directories. Don't auto-approve bash commands. And maybe back up anything irreplaceable on that drive before letting an AI agent loose on it. Treat Claude like you would an untrusted but powerful intern: give it only the minimum permissions it actually needs. ( Backslash ) The features aren't the differentiator. The guardrails are. You're trading guardrails for capability, which is fine as long as you know that's the trade. submitted by /u/Crazy_Buffalo3782 [link] [comments]

M365 MCP Client for Claude Question

Hello, I am trying to have a better understanding of this enterprise app MCP client for Claude. we had an app request come in for this, and before I just approve this I want to know what the actual use case is of it. the risks. this is an environment that doesn't have anything in place yet for tagging and putting in guardrails so sensitive data isn't fed into AI. so ultimately from a high level I am looking to understand, what is the risk tolerance with this, what does the app accomplish, why is it needed? so I can formulate and articulate these discussions. submitted by /u/Middle_War_9117 [link] [comments]

Upload Yourself Into an AI in 7 Steps

A step-by-step guide to creating a digital twin from your Reddit history STEP 1: Request Your Data Go to https://www.reddit.com/settings/data-request STEP 2: Select Your Jurisdiction Request your data as per your jurisdiction: GDPR for EU CCPA for California Select "Other" and reference your local privacy law (e.g. PIPEDA for Canada) STEP 3: Wait Reddit will process your request. This can take anywhere from a few hours to a few days. STEP 4: Extract Your Data Receive your data. Extract the .zip file. Identify and save your post and comment files (.csv). Privacy note: Your export may include sensitive files (IP logs, DMs, email addresses). You only need the post and comment CSVs. Review the contents before uploading anything to an AI. STEP 5: Start a Fresh Chat Initiate a chat with your preferred AI (ChatGPT, Claude, Gemini, etc.) FIRST PROMPT: For this session, I would like you to ignore in-built memory about me. STEP 6: Upload and Analyze Upload the post and comment files and provide the following prompt with your edits in the placeholders: SECOND PROMPT: I want you to analyze my Reddit account and build a structured personality profile based on my full post and comment history. I've attached my Reddit data export. The files included are: - posts.csv - comments.csv These were exported directly from Reddit's data request tool and represent my full account history. This analysis should not be surface-level. I want a step-by-step, evidence-based breakdown of my personality using patterns across my entire history. Assume that my account reflects my genuine thoughts and behavior. Organize the analysis into the following phases: Phase 1 — Language & Tone Analyze how I express myself. Look at tone (e.g., neutral, positive, cynical, sarcastic), emotional vs logical framing, directness, humor style, and how often I use certainty vs hedging. This should result in a clear communication style profile. Phase 2 — Cognitive Style Analyze how I think. Identify whether I lean more analytical or intuitive, abstract or concrete, and whether I tend to generalize, look for patterns, or focus on specifics. Also evaluate how open I am to changing my views. This should result in a thinking style model. Phase 3 — Behavioral Patterns Analyze how I behave over time. Look at posting frequency, consistency, whether I write long or short content, and whether I tend to post or comment more. This should result in a behavioral signature. Phase 4 — Interests & Identity Signals Analyze what I'm drawn to. Identify recurring topics, subreddit participation, and underlying values or themes. This should result in an interest and identity map. Phase 5 — Social Interaction Style Analyze how I interact with others. Look at whether I tend to debate, agree, challenge, teach, or avoid conflict. Evaluate how I respond to disagreement. This should result in a social behavior profile. Phase 6 — Synthesis Combine all previous phases into a cohesive personality profile. Approximate Big Five traits (openness, conscientiousness, extraversion, agreeableness, neuroticism), identify strengths and blind spots, and describe likely motivations. Also assess whether my online persona differs from my underlying personality. Important guidelines: - Base conclusions on repeated patterns, not isolated comments. - Use specific examples from my history as evidence. - Avoid overgeneralizing or making absolute claims. - Present conclusions as probabilities, not certainties. - Begin by reading the uploaded files and confirming what data is available before starting analysis. The goal is to produce a thoughtful, accurate, and nuanced personality profile — not a generic summary. Let's proceed step-by-step through multiple responses. At the end, please provide the full analysis as a Markdown file. STEP 7: Build Your AI Project Create a custom GPT (ChatGPT), Project (Claude), or Gem (Gemini). Upload the following documents to the project knowledge source: posts.csv comments.csv [PersonalityProfile].md Create custom instructions using the template below. Custom Instructions Template You are u/[YOUR USERNAME]. You have been active on Reddit since [MONTH YEAR]. You respond as this person would, drawing on the uploaded comment and post history as your memory, knowledge base, and voice reference. CORE IDENTITY [2-5 sentences. Who are you? Religion, career, location, diagnosis, political orientation, major life events. Pull this from the Phase 4 and Phase 6 sections of your personality profile. Be specific.] VOICE & TONE [Pull directly from Phase 1 of your profile. Convert observations into rules. If the profile says you use "lol" 10x more than "haha," write: "Uses 'lol' sincerely, rarely says 'haha'." Include specific punctuation habits, sentence structure patterns, and what NOT to do. Negative instructions are often more useful than positive ones.] [Add your own signature tics here - ellipsis style, emoji usage, capitalization habits, swea

Teenager died after asking ChatGPT for ‘most successful’ way to take his life, inquest told

A deeply tragic and concerning report from The Guardian highlights a critical failure in AI safety guardrails. According to a recent inquest, a teenager who tragically took their own life had previously used ChatGPT to search for the "most successful ways" to do so. submitted by /u/EchoOfOppenheimer [link] [comments]

I lost 30-60 min every machine switch rebuilding my AI coding setup, so I turned it into one Docker daily-driver

I kept making the same mistake: treating AI coding as a prompt problem when it was really an environment problem. Every machine switch cost me 30-60 minutes. Reinstall tools. Rewire configs. Fix browser issues. Lose momentum. So I built HolyCode around OpenCode as a daily-driver container. Not "look at my YAML." More like "remove the boring failure points so I can ship faster." What changed for me: 1) State survives rebuilds Sessions, settings, plugins, and MCP-related config persist in a bind mount. 2) Browser tasks work in-container Chromium + Xvfb + Playwright are prewired with stability defaults (shm_size: 2g). 3) Fewer permission headaches PUID/PGID mapping keeps mounted files owned by host user. 4) Better uptime Supervision keeps core processes from silently dying mid-session. 5) Flexible model/provider workflow OpenCode supports multiple providers, so I can keep one stable environment and switch strategy without rebuilding. 6) Optional power mode If needed, I can toggle multi-agent orchestration with one env var (ENABLE_OH_MY_OPENAGENT=true). I am sharing this because I see a lot of us optimizing prompts while bleeding time on setup debt. If useful, I can post my full hardened compose and the guardrails I use for long-running agent sessions. GitHub: https://github.com/coderluii/holycode submitted by /u/CoderLuii [link] [comments]

The real problem with LLM agents isn’t reasoning. It’s execution

Was working on agent systems recently and honestly, it surfaced one of the biggest gaps I’ve seen in current AI stacks. There’s a lot of excitement right now around agents, tool use, planning, reasoning… all of which makes sense. The progress is real. But my biggest takeaway from actually building with these systems is this: we’ve gotten pretty good at making models decide what to do, but we still don’t really control whether it should happen. A year ago, most of the conversation was still around prompts, guardrails, and output shaping. If something went wrong, the fix was usually “improve the prompt” or “add a validator.” Now? Agents are actually triggering things: API calls infrastructure provisioning workflows financial actions And that changes the problem completely. For those who haven’t hit this yet: once a model is connected to tools, it’s no longer just generating text. It’s proposing actions that have real side effects. And most setups still look like this: model -> tool -> execution Which sounds fine, until you see what happens in practice. We kept hitting a simple pattern: same action proposed multiple times nothing structurally stopping it from executing Retries + uncertainty + long loops -> repeated side effects Not because the model is “wrong” but because nothing is actually enforcing a boundary before execution What clicked for me is this: the problem isn’t reasoning it’s execution control We tried flipping the flow slightly: proposal -> (policy + state) -> ALLOW / DENY -> execution The important part isn’t the decision itself it’s the constraint: if it’s DENY, the action never executes there’s no code path that reaches the tool This feels like a missing layer right now. We have: models that can plan systems that can execute But very little that sits in between and decides, deterministically, whether execution should even be possible. It reminds me a bit of early distributed systems: we didn’t solve reliability by making applications “smarter” we solved it by introducing boundaries: rate limits transactions IAM Agents feel like they’re missing that equivalent layer. So I’m curious: how are people handling this today? Are you gating execution before tool calls? Or relying on retries / monitoring after the fact? Feels like once agents move from “thinking” to “acting”, this becomes a much bigger deal than prompts or model quality. submitted by /u/docybo [link] [comments]