For all the devs out there vibe coding outside of a sandbox just keep in mind that these agents are reading files and environment variables.

They can accidentally (or “accidentally”) read keys, passwords, and other sensitive data and stream it back to headquarters.

Expect them to go sniffing around on your machine. Even a locally running agent isn’t safe because they often reach out to the internet and can exfiltrate any number of ways.

At the very least you’ll need something like little snitch but even that’s not sufficient.