Introduction
In today's rapidly evolving AI landscape, we're increasingly relying on AI agents to perform tasks on our behalf. However, as highlighted in recent discussions, these AI systems can be like eager but misguided human interns - enthusiastic but potentially dangerous if given too much freedom. This tutorial will teach you how to create a controlled AI agent system that respects boundaries and permissions, helping you maintain control while leveraging AI capabilities.
Prerequisites
Before beginning this tutorial, you'll need:
- A basic understanding of Python programming
- Python 3.7 or higher installed on your computer
- Access to a command-line interface (terminal or command prompt)
- Internet connection for installing packages
What You'll Build
This tutorial will guide you through creating a simple but secure AI agent framework with permission controls. You'll learn how to set up an AI agent that can perform specific tasks while being restricted from taking dangerous actions.
Step 1: Setting Up Your Development Environment
Install Required Python Packages
First, we need to install the necessary Python packages. Open your terminal or command prompt and run:
pip install openai python-dotenv
This installs the OpenAI API library, which will allow us to interact with AI models, and python-dotenv for managing environment variables.
Step 2: Creating Your AI Agent Framework
Initialize Your Project Structure
Create a new directory for your project and navigate to it:
mkdir ai_agent_framework
cd ai_agent_framework
Now create a Python file called agent.py to house our agent logic:
Create the Base Agent Class
Open agent.py in your text editor and add this code:
import os
from openai import OpenAI


class SecureAIAgent:
    def __init__(self, api_key=None):
        # Initialize with an explicit API key, or fall back to the environment variable
        if api_key:
            self.client = OpenAI(api_key=api_key)
        else:
            api_key = os.getenv('OPENAI_API_KEY')
            if not api_key:
                raise ValueError("No API key provided and OPENAI_API_KEY environment variable not set")
            self.client = OpenAI(api_key=api_key)

        # Define permissions for this agent (any action not listed here is denied)
        self.permissions = {
            'read_files': False,
            'write_files': False,
            'execute_commands': False,
            'access_network': True,
            'ask_questions': True
        }

        # Actions considered safe by default
        self.safe_actions = ['ask_questions', 'access_network']

    def check_permission(self, action):
        """Check if the agent has permission to perform an action; unknown actions are denied"""
        if action in self.permissions:
            return self.permissions[action]
        return False

    def safe_request(self, prompt):
        """Make a request only if we have permission"""
        if not self.check_permission('ask_questions'):
            return "I don't have permission to ask questions."
        try:
            response = self.client.chat.completions.create(
                model="gpt-3.5-turbo",
                messages=[
                    {"role": "user", "content": prompt}
                ]
            )
            return response.choices[0].message.content
        except Exception as e:
            return f"Error: {str(e)}"

    def set_permission(self, action, allowed):
        """Set permission for a specific action (only actions already defined can be changed)"""
        if action in self.permissions:
            self.permissions[action] = allowed
            print(f"Permission for {action} set to {allowed}")
        else:
            print(f"Unknown action: {action}")
This creates a secure AI agent framework with permission controls. The agent starts with only ask_questions and access_network enabled; every other action defaults to denied, and check_permission returns False for any action that is not listed at all, so the agent can only perform actions it has explicitly been allowed to do.
Step 3: Setting Up Environment Variables
Create Your API Key File
Create a file named .env in your project directory:
OPENAI_API_KEY=your_actual_api_key_here
Important: Replace your_actual_api_key_here with your actual OpenAI API key. Never commit this file to version control or share it publicly.
Step 4: Implementing the Main Application
Create Your Main Application File
Create a file called main.py with the following code:
import os
from dotenv import load_dotenv
from agent import SecureAIAgent

# Load environment variables from .env
load_dotenv()

# Create an agent instance (reads OPENAI_API_KEY from the environment)
agent = SecureAIAgent()
print("AI Agent Framework Initialized")
print("Available permissions:")
for action, allowed in agent.permissions.items():
    print(f"  {action}: {allowed}")

# Demonstrate safe usage
print("\n--- Demonstrating Safe Usage ---")
# This should work because ask_questions is allowed by default
response = agent.safe_request("What is artificial intelligence?")
print("Question response:", response)

# Try to set permissions
print("\n--- Testing Permission Controls ---")
agent.set_permission('read_files', True)
agent.set_permission('write_files', False)

# Check current permissions
print("\nUpdated permissions:")
for action, allowed in agent.permissions.items():
    print(f"  {action}: {allowed}")
This main application demonstrates how to use our secure agent, showing both safe operations and permission management.
Step 5: Running Your Secure AI Agent
Execute the Application
Run your application by typing:
python main.py
You should see output showing your agent's current permissions, followed by a response to your question, and then the updated permissions.
Understanding the Security Model
The key insight here is that we're building a permission-based system that prevents our AI agent from taking dangerous actions. Notice how:
- We explicitly define what actions the agent can and cannot perform
- We check permissions before allowing any action
- We can dynamically change permissions as needed
Step 6: Expanding Your Agent's Capabilities
Adding More Permission Controls
Let's enhance our agent with additional security features. The log entries carry a timestamp, so add the datetime import at the top of agent.py, then update the class as follows:
from datetime import datetime


class SecureAIAgent:
    def __init__(self, api_key=None):
        # ... (previous __init__ code remains the same)

        # Add more restrictive permissions (all denied by default)
        self.permissions['access_local_storage'] = False
        self.permissions['modify_system_files'] = False
        self.permissions['send_email'] = False
        self.permissions['make_phone_calls'] = False

        # Add an in-memory log of attempted actions for security monitoring
        self.action_log = []

    def safe_request(self, prompt):
        """Make a request with logging"""
        if not self.check_permission('ask_questions'):
            self.log_action('attempted_question', 'denied')
            return "I don't have permission to ask questions."
        self.log_action('ask_question', 'allowed')
        try:
            response = self.client.chat.completions.create(
                model="gpt-3.5-turbo",
                messages=[
                    {"role": "user", "content": prompt}
                ]
            )
            return response.choices[0].message.content
        except Exception as e:
            self.log_action('error', str(e))
            return f"Error: {str(e)}"

    def log_action(self, action, status):
        """Log actions for security monitoring"""
        self.action_log.append({
            'action': action,
            'status': status,
            'timestamp': str(datetime.now())
        })
        print(f"Action logged: {action} - {status}")
This enhanced version adds logging and more restrictive permissions, giving you better visibility into what your AI agent is attempting to do.
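The following is an added example, not code from this tutorial's agent.py, that carries the ideas from "Understanding the Security Model" and Step 6 one step further: instead of a dictionary of booleans consulted by a single safe_request method, the permission check sits in a dispatcher that runs every tool the model asks for, so a denied or unregistered action can never execute no matter what the model requests, and every decision lands in an audit log. The GatedAgent class, its TOOLS table, PermissionDenied, run_episode and FAKE_MODEL_REQUESTS are all hypothetical names introduced here; the tool bodies are stand-ins and the requests are constructed so the whole thing runs offline with no API key.

```python
"""Permission-gated tool dispatcher with an audit log (added example)."""
from datetime import datetime, timezone


class PermissionDenied(Exception):
    """Raised when the permission gate refuses a tool call."""


class GatedAgent:
    # Hypothetical tools, keyed by the permission each one requires.
    # Anything not registered here can never be dispatched (default-deny).
    TOOLS = {
        "read_files": lambda args: f"contents of {args['path']}",
        "write_files": lambda args: f"wrote {args['path']}",
        "execute_commands": lambda args: f"ran {args['cmd']}",
    }

    def __init__(self, permissions=None):
        # Every registered action starts denied; the caller opts in per action.
        self.permissions = {name: False for name in self.TOOLS}
        for name, allowed in (permissions or {}).items():
            if name not in self.TOOLS:
                raise KeyError(f"unknown action: {name}")
            self.permissions[name] = bool(allowed)
        self.action_log = []

    def check_permission(self, action):
        # Unknown or unregistered actions are denied, never "undecided".
        return self.permissions.get(action, False)

    def set_permission(self, action, allowed):
        if action not in self.TOOLS:
            raise KeyError(f"unknown action: {action}")
        self.permissions[action] = bool(allowed)
        self._log("set_permission", f"{action}={bool(allowed)}")

    def dispatch(self, tool_call):
        """Run one tool call requested by the model, only if permitted.

        The check happens here, at the point of execution, so a prompt that
        talks the model into requesting a denied tool still cannot run it.
        """
        action = tool_call.get("tool")
        args = tool_call.get("args", {})
        if not self.check_permission(action):
            self._log(action, "denied")
            raise PermissionDenied(action)
        self._log(action, "allowed")
        return self.TOOLS[action](args)

    def _log(self, action, status):
        self.action_log.append({
            "action": action,
            "status": status,
            "timestamp": datetime.now(timezone.utc).isoformat(),
        })


def run_episode(agent, tool_calls):
    """Dispatch each requested call; a denial is recorded, not fatal."""
    results = []
    for call in tool_calls:
        try:
            results.append(("ok", agent.dispatch(call)))
        except PermissionDenied as exc:
            results.append(("denied", str(exc)))
    return results


# Constructed stand-in for what a model might ask for during one task;
# a real agent would parse these out of the model's tool-call response.
FAKE_MODEL_REQUESTS = [
    {"tool": "read_files", "args": {"path": "notes.txt"}},
    {"tool": "execute_commands", "args": {"cmd": "ls"}},
    {"tool": "send_email", "args": {"to": "someone@example.com"}},  # never registered
]


if __name__ == "__main__":
    agent = GatedAgent({"read_files": True})
    for status, detail in run_episode(agent, FAKE_MODEL_REQUESTS):
        print(status, detail)
    for entry in agent.action_log:
        print(entry["timestamp"], entry["action"], entry["status"])
```

Two design points differ from the tutorial's class. First, permissions are derived from the tool table rather than kept as a separate list, so a new tool cannot be added without also deciding who may call it. Second, the denial is an exception raised at dispatch time and recorded in the log, which gives a monitoring pipeline a single place to watch for an agent that keeps requesting things it is not allowed to do.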
Summary
In this tutorial, you've learned how to create a secure AI agent framework that respects permissions and boundaries - much like how you'd manage an eager but misguided human intern. The key principles you've implemented include:
- Explicit permission controls for different actions
- Safe execution methods that check permissions before acting
- Logging mechanisms to monitor agent behavior
- Environment variable management for API keys
This approach helps prevent AI agents from performing dangerous actions while still allowing them to be useful. Remember that, just like human interns, AI agents should have clear boundaries and permissions: they can be helpful while you maintain control over what they can do.
As you continue developing with AI, always remember to think carefully about the permissions and capabilities you're granting to your AI systems. This framework provides a foundation for building secure AI applications that respect your boundaries.