Sandboxing Agentic AI Workflows with WebAssembly

Structuring the Agent Workflow

In the simplest agentic workflow, your LLM may generate Python that you eventually pass to eval. For example, a prompt equivalent to "generate the Python code to make a bar chart in Plotly" would return:

import plotly.graph_objects as go
fig = go.Figure(data=go.Bar(x=["A", "B", "C"], y=[10, 20, 15]))
fig.update_layout(title="Bar Chart Example")

Your agent would pass this into eval to generate the plot as shown in Figure 1.

Using Python in the Browser

Pyodide is a port of CPython into Wasm to create a sandbox that may be used inside existing JavaScript virtual machines. This means that we can execute Python client-side to inherit all of the security benefits of a browser sandbox.

By designing the application to serve HTML with the Pyodide runtime and the LLM-generated code as shown in Figure 2, application developers can shift the execution into the users’ browsers, gaining the security of sandboxing and preventing any cross-user contamination.

Improving Application Security with Wasm

Imagine a scenario where the LLM returns malicious code, either as a result of prompt injection or error. In the case of the simplest agentic workflow, the call to eval results in the compromise of the application, potentially impacting the host operating system and other users as shown in Figure 3.

However, after applying the Wasm flow, there are two possible cases illustrated in Figure 4. First, the application may throw an error because the malicious Python code cannot be executed in the narrowly scoped Pyodide runtime (for example, because of a missing dependency).

Second, if the code does execute, it is restricted to the browser sandbox which greatly limits any potential impact to the end user’s device.
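The serving side of the flow described above, as an added example that is not the article's own code: instead of calling eval on the server, the application renders a page that ships the Pyodide runtime together with the generated code, and the browser reports either the failure case (the code cannot run in the narrow runtime) or success. The Pyodide CDN version is an assumption; the generated code is embedded as a JSON string literal so that untrusted output cannot close the script element.

```python
import html
import json

# Constructed sample of LLM output (the article's bar-chart example).
LLM_CODE = '''import plotly.graph_objects as go
fig = go.Figure(data=go.Bar(x=["A", "B", "C"], y=[10, 20, 15]))
fig.update_layout(title="Bar Chart Example")
'''

# Pyodide runtime location; the pinned version is an assumption for this example.
PYODIDE_JS = "https://cdn.jsdelivr.net/pyodide/v0.26.1/full/pyodide.js"


def embed_untrusted_code(code: str) -> str:
    """Serialise generated code as a JS string literal that cannot end the
    enclosing <script>. json.dumps escapes quotes and newlines; "</" is
    escaped as well because the HTML parser ends a script element on
    "</script" regardless of JavaScript string context."""
    return json.dumps(code).replace("</", "<\\/")


def build_sandbox_page(code: str) -> str:
    """Return the HTML that runs the generated code in the user's browser."""
    return f"""<!doctype html>
<html><head><meta charset="utf-8">
<script src="{html.escape(PYODIDE_JS)}"></script>
</head><body>
<div id="plot"></div><pre id="status"></pre>
<script>
const GENERATED = {embed_untrusted_code(code)};
async function main() {{
  const status = document.getElementById("status");
  try {{
    const pyodide = await loadPyodide();
    // Load packages named in import statements that the Pyodide distribution provides.
    await pyodide.loadPackagesFromImports(GENERATED);
    await pyodide.runPythonAsync(GENERATED);
    status.textContent = "ok";
  }} catch (err) {{
    // First case from the article: the code cannot run in the narrow runtime.
    status.textContent = "sandboxed execution failed: " + err;
  }}
}}
main();
</script></body></html>"""
```

Serve the returned string as the HTTP response body; the server process never executes the generated Python itself.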

Get Started

Sandboxing LLM-generated Python with WebAssembly offers a convenient approach, requiring minimal changes to existing prompts and architectures. It is cost-effective by reducing compute requirements, and provides both host and user isolation with improved security of the service and its users. It is more robust than regular expressions or restricted Python libraries, and lighter weight than containers or virtual machines.

To get started improving application security for your agentic workflows using Wasm, check out this example on GitHub. Learn more about AI agents and agentic workflows.

Conclusion

Using Pyodide with WebAssembly provides a powerful and secure way to execute LLM-generated Python in the browser, while ensuring the security of the service and its users. With minimal changes to existing architectures and prompts, you can improve application security and reduce the risk of malicious code execution.

FAQs

Q: What is Pyodide?
A: Pyodide is a port of CPython into Wasm to create a sandbox that may be used inside existing JavaScript virtual machines.

Q: What are the benefits of using Pyodide with Wasm?
A: Using Pyodide with Wasm provides both host and user isolation with improved security of the service and its users, while reducing compute requirements and being more robust than regular expressions or restricted Python libraries.

Q: How do I get started with using Pyodide with Wasm?
A: Check out this example on GitHub and learn more about AI agents and agentic workflows.
