原文摘要

So one of my favorite things to do is give my coding agents more and more permissions and freedom, just to see how far I can push their productivity without going too far off the rails. It's a delicate balance. I haven't given them direct access to my bank account yet. But I did give one access to my Google Cloud production instances and systems. And it promptly wiped a production database password and locked my network. [...]

The thing is, autonomous coding agents are extremely powerful tools that can easily go down very wrong paths. Running them with permission checks disabled is dangerous and stupid, and you should only do it if you are willing to take dangerous and stupid risks with your code and/or production systems.

— Steve Yegge

<p>Tags: <a href="https://simonwillison.net/tags/vibe-coding">vibe-coding</a>, <a href="https://simonwillison.net/tags/steve-yegge">steve-yegge</a>, <a href="https://simonwillison.net/tags/generative-ai">generative-ai</a>, <a href="https://simonwillison.net/tags/ai-agents">ai-agents</a>, <a href="https://simonwillison.net/tags/ai">ai</a>, <a href="https://simonwillison.net/tags/llms">llms</a></p>

原文链接

进一步信息揣测

• AI代理的权限实验存在高风险：即使像Steve Yegge这样的资深开发者，在赋予AI代理生产环境权限时也会遭遇灾难性后果（如数据库密码被删、网络被锁），说明内部测试中这类“翻车”事件比公开报道的更频繁。
• 行业内部的“危险测试”文化：部分技术专家会故意关闭权限检查来测试AI代理的极限生产力，但这种做法被私下认为“危险且愚蠢”，仅适用于愿意承担重大风险的个人/团队，且通常不会公开提倡。
• AI代理的破坏力被低估：实际案例表明，即使未涉及银行账户等敏感权限，仅开放云服务生产环境权限就可能导致系统瘫痪，暗示行业内部对AI代理的潜在破坏力缺乏充分预警。
• 权限授予的渐进式试探策略：资深开发者通过逐步增加AI代理权限来探索生产力边界（如从代码到云环境），这种经验性方法论通常不会在公开文档中详细说明，而是通过私下交流传播。
• 生产环境事故的隐性成本：文中提到的数据库和网络事故可能涉及未明说的恢复成本（如停机损失、人工修复时间），这类细节在公开技术分享中常被淡化。
• AI代理的“错误路径”倾向：内部经验表明，自主编码代理极易偏离预期路径，但具体案例（如触发何种错误）和应对措施多存在于企业内部知识库或付费咨询内容中。