Introduction
In this tutorial, you'll learn how to create a secure AI assistant that can interact with your system while preventing destructive actions like file deletion. This tutorial builds on the recent incident where GPT-5.6 accidentally deleted user files in full access mode. We'll create a controlled AI assistant that uses sandboxing, access controls, and action verification to prevent accidental system damage.
Prerequisites
- Python 3.8 or higher installed
- Basic understanding of AI models and APIs
- Access to a local development environment
- Installed packages: openai, python-dotenv, and watchdog
Step-by-step Instructions
1. Setting Up Your Environment
1.1 Create a Project Directory
First, create a dedicated directory for your secure AI assistant project:
mkdir secure-ai-assistant
cd secure-ai-assistant
Why: This keeps your project organized and prevents conflicts with other applications.
1.2 Install Required Packages
Install the necessary Python packages using pip:
pip install openai python-dotenv watchdog
Why: The openai package allows interaction with OpenAI's API, python-dotenv handles environment variables securely, and watchdog monitors file system changes.
1.3 Create Environment Configuration
Create a .env file to store your API key:
OPENAI_API_KEY=your_openai_api_key_here
Why: Storing API keys in environment variables prevents accidental exposure in code repositories.
2. Creating the Secure AI Assistant
2.1 Initialize the AI Assistant Class
Create a file named secure_ai.py and begin with the base class:
import os
import openai
from dotenv import load_dotenv
import json
# Load environment variables
load_dotenv()
# Initialize OpenAI client
openai.api_key = os.getenv('OPENAI_API_KEY')
class SecureAIAssistant:
def __init__(self):
self.sandbox_paths = [os.getcwd(), os.path.expanduser('~')]
self.allowed_actions = ['read', 'write', 'list']
self.dangerous_commands = ['rm', 'delete', 'format', 'chmod']
self.action_log = []
Why: This class structure provides a foundation for security controls while maintaining functionality.
2.2 Implement Safe Execution Method
Add a method to safely execute commands:
def safe_execute(self, command):
# Check if command is dangerous
if any(danger in command.lower() for danger in self.dangerous_commands):
print(f"[SECURITY ALERT] Dangerous command detected: {command}")
return False
# Check if path is within sandbox
if not self.is_within_sandbox(command):
print(f"[SECURITY ALERT] Command outside sandbox: {command}")
return False
# Log action
self.action_log.append({
'command': command,
'timestamp': self.get_timestamp()
})
# Execute command
try:
result = os.system(command)
return result == 0
except Exception as e:
print(f"Error executing command: {e}")
return False
Why: This method prevents execution of potentially harmful commands while logging all actions for audit.
2.3 Add Path Validation
Add a helper method to validate file paths:
def is_within_sandbox(self, command):
# Extract paths from command
paths = []
for word in command.split():
if os.path.isabs(word) and not any(word.startswith(path) for path in self.sandbox_paths):
return False
return True
def get_timestamp(self):
from datetime import datetime
return datetime.now().isoformat()
Why: Path validation ensures commands only operate within designated safe directories.
3. Implementing Action Verification
3.1 Add User Confirmation System
Enhance the assistant with a verification system:
def verify_action(self, action):
print(f"\n[VERIFICATION REQUIRED]\nAction: {action}")
print("Do you want to proceed? (yes/no)")
response = input().lower().strip()
return response in ['yes', 'y']
Why: This prevents accidental execution of risky operations by requiring explicit user confirmation.
3.2 Create a Command Handler
Implement a handler for processing user commands:
def handle_command(self, user_input):
# Process user input through AI
try:
response = openai.ChatCompletion.create(
model="gpt-4",
messages=[
{"role": "system", "content": "You are a helpful assistant. Only provide commands that are safe and within the sandbox. Never suggest deletion or system-formatting commands."},
{"role": "user", "content": user_input}
]
)
ai_response = response.choices[0].message.content
print(f"AI Response: {ai_response}")
# Check if AI suggests a command
if 'command:' in ai_response.lower():
command = ai_response.split('command:')[1].strip()
if self.verify_action(command):
return self.safe_execute(command)
else:
print("Action cancelled by user.")
return False
return True
except Exception as e:
print(f"Error in AI processing: {e}")
return False
Why: This integrates AI capabilities while maintaining strict security controls.
4. Testing Your Secure Assistant
4.1 Create a Test Script
Create a test script to verify functionality:
def main():
assistant = SecureAIAssistant()
print("Secure AI Assistant Ready")
print("Type 'quit' to exit")
while True:
user_input = input("\nEnter your request: ")
if user_input.lower() in ['quit', 'exit']:
break
assistant.handle_command(user_input)
if __name__ == "__main__":
main()
Why: This script allows you to test the assistant's security features in a controlled environment.
4.2 Test Security Features
Run your assistant and test with both safe and dangerous commands:
# Safe command
Enter your request: List files in current directory
# Dangerous command (should be blocked)
Enter your request: Delete all files in home directory
Why: Testing verifies that your security measures are working correctly.
5. Adding File System Monitoring
5.1 Implement Watchdog Integration
Enhance security with file system monitoring:
from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler
class SecurityEventHandler(FileSystemEventHandler):
def __init__(self, assistant):
self.assistant = assistant
def on_modified(self, event):
if event.is_directory:
return
print(f"[FILE MODIFIED] {event.src_path}")
# Log and potentially alert on changes
def on_deleted(self, event):
if event.is_directory:
return
print(f"[FILE DELETED] {event.src_path}")
# Alert user about deletion
# Add to SecureAIAssistant class
def start_monitoring(self):
event_handler = SecurityEventHandler(self)
observer = Observer()
observer.schedule(event_handler, path='.', recursive=True)
observer.start()
print("File monitoring started")
Why: Monitoring helps detect and alert on unauthorized file system changes.
Summary
This tutorial demonstrated how to build a secure AI assistant that prevents destructive actions while maintaining useful functionality. Key security features include:
- Path validation to restrict operations to sandbox directories
- Dangerous command detection and blocking
- User confirmation for risky operations
- File system monitoring for unauthorized changes
- Comprehensive logging for audit purposes
These controls prevent the kind of accidental system destruction seen with GPT-5.6, ensuring that AI assistants can be safely used in production environments while maintaining their utility.



