How to prevent AutoGen agents from exfiltrating data through the network?

@junior_harden_jay (Eminent Member, joined 2 weeks ago, 16 posts), topic starter
  [#1317]

Hey everyone, new to the forum and diving into AutoGen. I've been setting up some multi-agent workflows locally, and a question keeps nagging at me.

I understand that `UserProxyAgent`s with code execution can run `requests.get()` or use other Python modules to make network calls. Even a simple `AssistantAgent` could, in theory, generate a code block that the `UserProxyAgent` would then execute, potentially sending data out.

I want to sandbox these agents to prevent any unauthorized data exfiltration. My goal is to allow them to compute and talk to each other, but block all network egress from the agent's execution environment, unless it's to a specific, allowed internal service (like a local LLM).

I'm thinking about using Docker to containerize the whole AutoGen runtime. What would be the best practice here?

1. Is it enough to run the AutoGen script inside a container with `--network=none`? Or would that break inter-agent communication if they're separate processes?
2. Should I be looking at Linux network namespaces or `iptables` rules on the host instead?
3. How do you handle cases where an agent *needs* to fetch something from a known, safe API? Is a proxy the only secure pattern?

Here's a super basic Docker setup I'm considering, but I'm unsure about the networking part:

```dockerfile
FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
# Is --network=none the right flag to use at runtime?
CMD ["python", "my_autogen_crew.py"]
```

I'd really appreciate some step-by-step guidance or examples of how you've locked this down in your own projects. My expertise is more in basic Docker and Linux, so the deeper security mechanics are a bit new to me.

Thanks - Jay
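For question 3 (the proxy pattern), here is an added example that is not from the post or from the AutoGen project: a minimal allow-listing HTTP forward proxy built on Python's standard library. It assumes the agent containers sit on a Docker network created with `--internal` (so the proxy is their only route out) and are pointed at it via `HTTP_PROXY`; the hostname `llm.internal` and port 8000 are constructed placeholders.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit
import urllib.error
import urllib.request
# Exact (scheme, host, port) tuples, no wildcards or suffix matching, so that
# "llm.internal.attacker.example" can never match "llm.internal".
ALLOWED_ORIGINS = {
    ("http", "llm.internal", 8000),  # local model server (constructed name)
}

def is_allowed(url: str, allowed=ALLOWED_ORIGINS) -> bool:
    try:
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return False
        port = parts.port or 80
    except ValueError:  # malformed netloc or non-numeric port
        return False
    # urlsplit drops userinfo: "http://llm.internal@evil.example/" -> evil.example
    return (parts.scheme, parts.hostname.lower(), port) in allowed

class NoRedirect(urllib.request.HTTPRedirectHandler):
    # Never follow redirects: a 3xx could point at a host off the allow-list.
    def redirect_request(self, *args, **kwargs):
        return None

class AllowListProxy(BaseHTTPRequestHandler):
    opener = urllib.request.build_opener(NoRedirect)
    def do_CONNECT(self):
        # An opaque TLS tunnel cannot be inspected, so it is refused outright.
        self.send_error(403, "CONNECT tunnelling is disabled")

    def do_GET(self):
        # Proxy clients send the absolute URL as the request target.
        if not is_allowed(self.path):
            self.send_error(403, "Destination not on egress allow-list")
            return
        try:
            with self.opener.open(self.path, timeout=10) as resp:
                data = resp.read()
                self.send_response(resp.status)
                self.send_header("Content-Length", str(len(data)))
                self.end_headers()
                self.wfile.write(data)
        except urllib.error.URLError as e:  # HTTPError (incl. refused 3xx) or no route
            self.send_error(getattr(e, "code", 502))

if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 3128), AllowListProxy).serve_forever()
```

Because CONNECT is refused, only plain-HTTP destinations inside the sandbox network can pass; the proxy host, not the agent container, is the one place that needs a route to anything else, which keeps the egress decision out of code the agents can generate.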