AI Can Work on VMs (www.fluid.sh)

🤖 AI Summary
Fluid has introduced an enhancement that lets AI agents work with virtual machines (VMs) more efficiently and safely. Instead of creating a full clone of a golden VM image just to access data, an AI agent can now execute read-only commands directly on the source VM without modifying it. This reduces resource consumption, eliminates unnecessary latency, and accelerates the feedback loop that AI productivity depends on. The design takes a defense-in-depth approach, with three independent layers enforcing read-only access: a client-side allowlist that permits around 70 safe commands, SSH certificates with principal separation to limit access, and a server-side restricted shell that blocks nearly 90 destructive command patterns. If one layer is bypassed, the remaining layers still contain the exploit. By avoiding the overhead of full cloning for simple inspections, Fluid's solution streamlines workflows for AI agents, letting them quickly verify configurations or run status checks on VMs and improving operational efficiency for the AI/ML community.
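The sketch below is an added example, not Fluid's code: it models the client-side allowlist and the server-side pattern block as two independent checks, so a command that slips past one is still stopped by the other. The command names, subcommand rules and deny patterns are assumed samples (the summary gives only the counts), and the SSH certificate layer is not modelled.

```python
import re
import shlex

# Assumed sample entries: the page gives only counts (about 70 allowed
# commands, nearly 90 blocked patterns), not the actual lists.
ALLOWED = {"cat", "ls", "ps", "df", "uname", "ss", "journalctl", "systemctl"}
# Multi-purpose tools are limited to read-only subcommands (assumed).
READ_ONLY_SUBCMDS = {"systemctl": {"status", "show", "is-active", "list-units"}}
# Shell syntax that can chain, redirect or substitute commands.
SHELL_META = re.compile(r"[;&|<>`$\n\\(){}]")
# Server-side layer: destructive patterns, checked independently (assumed).
DENY_PATTERNS = [re.compile(p) for p in (
    r"\brm\b", r"\bdd\b", r"\bmkfs", r"\bshutdown\b", r">\s*\S",
    r"\bsystemctl\s+(start|stop|restart|enable|disable)\b",
)]

def client_allows(cmd: str) -> bool:
    """Layer 1: allowlist on the parsed command, applied before sending."""
    if SHELL_META.search(cmd):
        return False
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes
        return False
    if not argv or argv[0] not in ALLOWED:
        return False
    subcmds = READ_ONLY_SUBCMDS.get(argv[0])
    if subcmds is not None:
        return len(argv) > 1 and argv[1] in subcmds
    return True

def server_allows(cmd: str) -> bool:
    """Layer 3: denylist on the raw string, applied on the VM side."""
    return not any(p.search(cmd) for p in DENY_PATTERNS)

def decide(cmd: str, client_bypassed: bool = False) -> str:
    """Return which layer stops a command; client_bypassed models a
    compromised or buggy client that skips its own check."""
    if not client_bypassed and not client_allows(cmd):
        return "rejected:client"
    if not server_allows(cmd):
        return "rejected:server"
    return "allowed"

if __name__ == "__main__":
    for c in ("systemctl status nginx", "cat /etc/hosts; rm -rf /tmp/x"):
        print(c, "->", decide(c))
    print(decide("systemctl restart nginx", client_bypassed=True))
```

The allowlist parses the command and rejects anything it does not recognise, while the denylist matches known-bad patterns on the raw string; keeping the two implementations different is what makes the layers independent.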