Agent Can Run rm -rf $HOME/ Without Any Warning
A GitHub issue reports that the 'zed' code editor's AI agent can execute 'rm -rf $HOME/' without warning, raising concerns about user safety and the risks of unguarded AI-powered commands.
Snapshot generated from the HN discussion
Story posted: Oct 2, 2025 at 5:16 AM EDT
First comment: Oct 2, 2025 at 8:44 AM EDT (3h after posting)
Latest activity: Oct 2, 2025 at 10:44 AM EDT
ID: 45447666 | Type: story | Last synced: 11/20/2025, 5:33:13 PM
They gave experimental commands full access to their private data. Data deletion is, in fact, the least concerning outcome here.
On the bright side, this is a solid reminder to maintain proper backups.
If this happened to me, I'd just restore from backup and be back up in 20 minutes. That said, I avoid this scenario entirely by running agents in isolated VMs and only mounting the specific directories they need access to.
Your system should have an “agent” user group and each agent should run as a distinct user in this group. Use ACLs to give permissions on directories and files. This is why all this stuff exists.
And while we’re at it, we can harden individual commands by taking OpenBSD ideas like pledge and unveil. And perhaps even some OpenVMS ideas with the symbol and logical redefinitions to make sure these users can only operate on what we want them to operate on and use only what we want them to use.
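The per-agent user and ACL setup suggested in the last comment, sketched as an added example that is not part of the thread or of Zed's code. The group name `agents`, the user name and all paths are assumptions, and the script only prints its commands unless it is run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example: one Unix user per agent, scoped to a project with POSIX ACLs.
# Group/user names and paths are assumptions. Dry-run by default: commands
# are printed; run as root with APPLY=1 to execute them.
AGENT_GROUP="agents"

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# setup_agent <agent-user> <owner-home> <project-dir>
setup_agent() {
    agent=$1; owner_home=${2%/}; project=${3%/}
    # Never grant on the home directory itself or on any of its ancestors.
    case "$owner_home/" in
        "$project"/*) echo "refusing: $3 is or contains $2" >&2; return 1 ;;
    esac
    run groupadd --force --system "$AGENT_GROUP"
    run useradd --system --gid "$AGENT_GROUP" --create-home \
        --shell /usr/sbin/nologin "$agent"
    # Traverse-only (--x) on parents inside the home, so the agent can reach
    # the project without being able to list or modify anything else.
    dir=$(dirname "$project")
    while :; do
        case "$dir/" in "$owner_home"/*) ;; *) break ;; esac
        run setfacl -m "u:$agent:--x" "$dir"
        dir=$(dirname "$dir")
    done
    run setfacl -R -m "u:$agent:rwX" "$project"      # existing files
    run setfacl -R -d -m "u:$agent:rwX" "$project"   # files created later
}

# run_agent <agent-user> <command...>: -H makes $HOME the agent's own home.
run_agent() {
    agent=$1; shift
    run sudo -H -u "$agent" -- "$@"
}

if [ "$#" -eq 3 ]; then setup_agent "$@"; fi
```

With this layout an `rm -rf $HOME/` issued by the agent resolves to the agent account's own home, and the owner's files outside the project carry no ACL entry that lets the agent write to them.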