Sandbox on Mathias WOLFFhttps://www.blog-des-telecoms.com/tags/sandbox/Recent content in Sandbox on Mathias WOLFFHugofr<a href="https://www.blog-des-telecoms.com">Blog des télécoms</a> © 2009 - 2026 by <a href="https://www.linkedin.com/in/mathias-wolff-47a7941/">Mathias WOLFF</a> is licensed under <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA 4.0</a><img src="https://mirrors.creativecommons.org/presskit/icons/cc.svg" style="max-width: 1em;max-height:1em;margin-left: .2em;"><img src="https://mirrors.creativecommons.org/presskit/icons/by.svg" style="max-width: 1em;max-height:1em;margin-left: .2em;"><img src="https://mirrors.creativecommons.org/presskit/icons/nc.svg" style="max-width: 1em;max-height:1em;margin-left: .2em;"><img src="https://mirrors.creativecommons.org/presskit/icons/sa.svg" style="max-width: 1em;max-height:1em;margin-left: .2em;">Sun, 03 May 2026 15:33:48 +0200Securing pi, Your AI Coding Agent, with Greywall: A Practical Guidehttps://www.blog-des-telecoms.com/blog/securing-pi-ai-coding-agent-greywall/Sun, 03 May 2026 10:00:00 +0200https://www.blog-des-telecoms.com/blog/securing-pi-ai-coding-agent-greywall/<p><strong>AI coding agents</strong> like <strong>pi</strong> have become essential daily companions. But by default, <strong>pi</strong> runs in <strong>YOLO</strong> mode: full <strong>filesystem</strong> access, unrestricted command execution, no permissions. It&rsquo;s a deliberate design choice by its creator, but this freedom comes with real risks. Today, let&rsquo;s explore <strong>Greywall</strong>, a tool that <strong>sandboxes</strong> pi using a <strong>deny-by-default</strong> approach at the <strong>kernel</strong> level.</p> <h2 id="why-sandbox-an-ai-coding-agent">Why Sandbox an AI Coding Agent?<a href="#why-sandbox-an-ai-coding-agent" class="post-heading__anchor" aria-hidden="true">#</a> </h2> <p><strong>pi</strong> in YOLO mode is convenient but risky. Without restrictions, the agent can:</p>Sécuriser pi, votre agent de code IA, avec Greywall : guide pratiquehttps://www.blog-des-telecoms.com/blog/securiser-pi-agent-code-ia-greywall/Sun, 03 May 2026 10:00:00 +0200https://www.blog-des-telecoms.com/blog/securiser-pi-agent-code-ia-greywall/<p>Les <strong>agents de code IA</strong> comme <strong>pi</strong> sont devenus des compagnons indispensables au quotidien. Mais par défaut, <strong>pi</strong> fonctionne en mode <strong>YOLO</strong> : accès complet au <strong>filesystem</strong>, exécution de n&rsquo;importe quelle commande, aucune restriction. C&rsquo;est un choix délibéré de son créateur, mais cette liberté a un coût réel. Aujourd&rsquo;hui, je vous propose de découvrir <strong>Greywall</strong>, un outil qui permet de <strong>sandboxer</strong> pi grâce à une approche <strong>deny-by-default</strong> au niveau <strong>kernel</strong>.</p>