The common pattern across all of these seems to be filesystem and network ACLs enforced by the OS, not a separate kernel or hardware boundary. A determined attacker who already has code execution on your machine could potentially bypass Seatbelt or Landlock restrictions through privilege escalation. But that is not the threat model. The threat is an AI agent that is mostly helpful but occasionally careless or confused, and you want guardrails that catch the common failure modes - reading credentials it should not see, making network calls it should not make, writing to paths outside the project.
第十三条 精神病人、智力残疾人在不能辨认或者不能控制自己行为的时候违反治安管理的,不予处罚,但是应当责令其监护人加强看护管理和治疗。间歇性的精神病人在精神正常的时候违反治安管理的,应当给予处罚。尚未完全丧失辨认或者控制自己行为能力的精神病人、智力残疾人违反治安管理的,应当给予处罚,但是可以从轻或者减轻处罚。
,详情可参考同城约会
Nature, Published online: 25 February 2026; doi:10.1038/s41586-026-10121-6
第三节 侵犯人身权利、财产权利的行为和处罚
Why the FT?See why over a million readers pay to read the Financial Times.