From 35fedd42433cc73b6f328e817f43f43034cdeb1d Mon Sep 17 00:00:00 2001 From: Enrico Glerean Date: Tue, 7 Apr 2026 23:49:06 +0300 Subject: [PATCH 1/9] draft --- triton/AI_agents_on_HPC.rst | 102 ++++++++++++++++++++++++++++++++++++ triton/usagepolicy.rst | 10 ++++ 2 files changed, 112 insertions(+) create mode 100644 triton/AI_agents_on_HPC.rst diff --git a/triton/AI_agents_on_HPC.rst b/triton/AI_agents_on_HPC.rst new file mode 100644 index 000000000..faf482602 --- /dev/null +++ b/triton/AI_agents_on_HPC.rst @@ -0,0 +1,102 @@ +AI Agents on HPC +================ + +AI agents like `Claude Code `__ or OpenAI Codex are +getting popular and some of our Triton users have started using them for coding assistance or +Slurm monitoring and interactions. AI agents however can introduce security risks for both the +account that is using the agent and the rest of the cluster. They can also cause stability +issues if their requests put unexpected stress on the cluster management. Right now, our +attitude is to not prohibit such systems; instead we want to agree on good practices with +those users who are planning to run those systems on Triton, and more broadly on any computer +that they use. + +Because of this, we ask you for your cooperation and we would like you to: + +#. Tell us which agent you use and how you use it at the `daily zoom garage + `__ or in the `Zulip chat + `__. +#. Give us the permission to check the logs written by the agent in your home folder. Triton + admins and Aalto IT security staff may inspect shell history, process logs, network logs, + and any other log related to your agent sessions. +#. Be aware of what could go wrong — we wrote a list in the table below. +#. Accountability will always be on the person who runs the AI agent; we can never blame the + AI if something goes wrong. + +For now we are happy to just monitor things and contact directly those of you using AI agents +on Triton. 
If agents become disruptive, we might need to set up some automations to moderate +their activities. + +The table below summarises some of the things that could go wrong and how you could mitigate +risks. + +.. list-table:: + :header-rows: 1 + :widths: 20 40 40 + + * - Category + - What could go wrong? + - What should I do? + * - Software & supply chain + - Agents may install packages automatically from public registries (PyPI, npm, CRAN, + Conda-Forge, etc.). Some may be malicious, compromised, or part of + `typosquatting `__ /dependency confusion + attacks. + - Review what gets installed during and after sessions, or, even better, take care of + installations *before* running the agent. For your own computers: never run agents with + elevated privileges. In general: avoid using the most recent version of packages. Read + more at the `OWASP website `__. + * - Code & data confidentiality + - Code, file contents, and error messages are sent to an external LLM provider's servers. + Sensitive data, unpublished results, personal data (GDPR), or secrets (passwords, API + keys, tokens) may be exposed. + - Never process sensitive or confidential data through an agent: instead, work with + synthetic data. Keep secrets out of files/folders the agent can access. Running the + agent inside a container can limit its potential *blast radius*. + * - LLM provider data retention + - The LLM provider may retain your queries according to their own privacy policy + (`up to 5 years for Claude `__, + `30 days for OpenAI `__). + - Read and understand the privacy policy of the AI tool you are using before your first + session. Not sure? Get in touch with us. + * - Triton cluster stability + - Agents may submit batch jobs, run shell commands, spawn runaway loops, or consume + excessive CPU/memory/I/O, affecting all users on shared infrastructure (e.g. login + node). + - Monitor your sessions actively; ideally don't run more than one agent. Terminate + processes that behave unexpectedly. 
+ * - Login node availability + - If the login node becomes unstable, Triton admins will stop active agentic processes + without prior notice before attempting a reboot. In-progress work may be lost. + - Save your work frequently. Do not rely on long-running unsupervised agent sessions on + the Triton login node. + * - Autonomous file actions + - Agents can modify, overwrite, or delete files without asking for confirmation at each + step. + - Use version control (git) or take backups before and during agent sessions (remember: + scratch is not backed up). + * - Agent mistakes & hallucinations + - Agents may misinterpret instructions or produce plausible-looking but incorrect commands + or code resulting in invalid research findings. + - Review all agent-generated changes before using them in research or production + workflows. Publishing results that are fabricated or falsified is academic misconduct + and can result in retraction. + * - Copyright & plagiarism + - AI-generated code may incorporate patterns from copyrighted training data. + `Finnish `__ + and `European research integrity guidelines `__ + require disclosure of AI assistance in publications and grant applications. + - Check licensing of generated code. Disclose AI assistance as required by the + `ALLEA European Code of Conduct for Research Integrity + `__. + * - Third-party terms of service and support + - Each AI coding tool (e.g., GitHub Copilot, Cursor, Cline, Continue.dev) has its own + terms of service. Triton admins or IT services do not provide support for these tools. + - Read and comply with the terms of service of each tool you use. Tool-specific issues + should be discussed with the provider of the tool. + * - Ethical and responsible AI + - Using generative AI systems built on + `mostly stolen data `__ + and `significantly affecting the environment `__ + might not align with your ethical principles. + - Consider using AI tools which were built responsibly. 
Unfortunately this is easier said + than done: let's work on this together! diff --git a/triton/usagepolicy.rst b/triton/usagepolicy.rst index 8154490c8..d7ea45fa7 100644 --- a/triton/usagepolicy.rst +++ b/triton/usagepolicy.rst @@ -77,6 +77,16 @@ these conditions of use: `. +AI agents on Triton +------------------- + +If you use AI coding agents (e.g. Claude Code, OpenAI Codex) on Triton or any other +computer connected to our infrastructure, please read our policy on acceptable use, +risks, and required cooperation: + +:doc:`AI Agents on HPC ` + + .. _privacypolicy: Triton data (privacy) policy From 7d8ec47307a77293112ec0665e228d4819220cdf Mon Sep 17 00:00:00 2001 From: Enrico Glerean Date: Wed, 8 Apr 2026 11:16:32 +0300 Subject: [PATCH 2/9] updating with new edits --- triton/AI_agents_on_HPC.rst | 67 ++++++++++++++++++++++++------------- 1 file changed, 44 insertions(+), 23 deletions(-) diff --git a/triton/AI_agents_on_HPC.rst b/triton/AI_agents_on_HPC.rst index faf482602..92e10a407 100644 --- a/triton/AI_agents_on_HPC.rst +++ b/triton/AI_agents_on_HPC.rst @@ -1,30 +1,35 @@ AI Agents on HPC ================ -AI agents like `Claude Code `__ or OpenAI Codex are -getting popular and some of our Triton users have started using them for coding assistance or -Slurm monitoring and interactions. AI agents however can introduce security risks for both the -account that is using the agent and the rest of the cluster. They can also cause stability -issues if their requests put unexpected stress on the cluster management. Right now, our -attitude is to not prohibit such systems; instead we want to agree on good practices with -those users who are planning to run those systems on Triton, and more broadly on any computer -that they use. +AI agents like `Claude Code `__ or +`OpenAI Codex `__ (via Command Line Interface or +`VSCode plugin `__) +are getting popular and some of our Triton users have started using them for coding assistance +or Slurm monitoring and job management. 
We want to encourage researchers to use these tools, +and to learn together how to use them well. -Because of this, we ask you for your cooperation and we would like you to: +AI agents are powerful and can introduce security risks or disruptions for you and for other +users of the cluster. We want to develop good practices for working with AI agents on Triton, +and more broadly on any computer you use. + +We ask for your cooperation and we would like you to: #. Tell us which agent you use and how you use it at the `daily zoom garage `__ or in the `Zulip chat `__. -#. Give us the permission to check the logs written by the agent in your home folder. Triton - admins and Aalto IT security staff may inspect shell history, process logs, network logs, - and any other log related to your agent sessions. -#. Be aware of what could go wrong — we wrote a list in the table below. -#. Accountability will always be on the person who runs the AI agent; we can never blame the - AI if something goes wrong. +#. Be aware of what could go wrong, we summarised some of the risks in the table below. +#. Save your work frequently. Triton admins will have to kill agent processes (or other + processes) if they affect system stability. +#. If you (or we) suspect that something went wrong with your agent, we are happy to check + the logs with you. +#. Finally, keep in mind that responsibility always lies with the person operating the AI + agent; if something goes wrong, the AI itself cannot be held accountable. + +We will get in touch with those of you running AI agents. + -For now we are happy to just monitor things and contact directly those of you using AI agents -on Triton. If agents become disruptive, we might need to set up some automations to moderate -their activities. +Common problems and how to avoid them +-------------------------------------- The table below summarises some of the things that could go wrong and how you could mitigate risks. @@ -61,9 +66,11 @@ risks. 
* - Triton cluster stability - Agents may submit batch jobs, run shell commands, spawn runaway loops, or consume excessive CPU/memory/I/O, affecting all users on shared infrastructure (e.g. login - node). - - Monitor your sessions actively; ideally don't run more than one agent. Terminate - processes that behave unexpectedly. + node). Agents can also aggressively monitor running jobs via squeue/sacct queries, + which put heavy load on the Slurm controller and cause instabilities for all users. + - Monitor your agent sessions actively, ideally don't run more than one agent. Terminate + processes that behave unexpectedly. If agents become disruptive, we might need to set + up some automations to moderate their activities so that other users are not affected. * - Login node availability - If the login node becomes unstable, Triton admins will stop active agentic processes without prior notice before attempting a reboot. In-progress work may be lost. @@ -73,7 +80,9 @@ risks. - Agents can modify, overwrite, or delete files without asking for confirmation at each step. - Use version control (git) or take backups before and during agent sessions (remember: - scratch is not backed up). + scratch is not backed up). Don't delegate git commands to your agent; instead ask which + commands to run and run them in a separate terminal. Optimally the agent does not have + access to your git credentials (keys or password). * - Agent mistakes & hallucinations - Agents may misinterpret instructions or produce plausible-looking but incorrect commands or code resulting in invalid research findings. @@ -93,10 +102,22 @@ risks. terms of service. Triton admins or IT services do not provide support for these tools. - Read and comply with the terms of service of each tool you use. Tool-specific issues should be discussed with the provider of the tool. + * - Aalto approved tools + - There are no officially approved ways to use AI agents on Aalto systems. + - With some agents (e.g. 
Codex) it is possible to use endpoints hosted in the EU Azure + datacentre similarly to what is done with `ai.aalto.fi `__. This + requires some extra set-up and is currently being tested. * - Ethical and responsible AI - Using generative AI systems built on - `mostly stolen data `__ + `data scraped without explicit consent from creators or copyright holders + `__ and `significantly affecting the environment `__ might not align with your ethical principles. - Consider using AI tools which were built responsibly. Unfortunately this is easier said than done: let's work on this together! + + +Recommendations for specific agents +------------------------------------- + +We will update our recommendations here based on users' feedback. From 3d024337876b95f2fdc3c8d24342234cdf55ac07 Mon Sep 17 00:00:00 2001 From: Enrico Glerean Date: Thu, 9 Apr 2026 15:35:06 +0300 Subject: [PATCH 3/9] updating to version 3 --- triton/AI_agents_on_HPC.rst | 92 ++++++++++++++++++++++++++++++++----- 1 file changed, 80 insertions(+), 12 deletions(-) diff --git a/triton/AI_agents_on_HPC.rst b/triton/AI_agents_on_HPC.rst index 92e10a407..ea2208ca9 100644 --- a/triton/AI_agents_on_HPC.rst +++ b/triton/AI_agents_on_HPC.rst @@ -5,19 +5,54 @@ AI agents like `Claude Code `__ or `OpenAI Codex `__ (via Command Line Interface or `VSCode plugin `__) are getting popular and some of our Triton users have started using them for coding assistance -or Slurm monitoring and job management. We want to encourage researchers to use these tools, -and to learn together how to use them well. +or Slurm monitoring and job management. We want to encourage researchers to use these tools +responsibly, and to learn together how to use them well. AI agents are powerful and can introduce security risks or disruptions for you and for other users of the cluster. We want to develop good practices for working with AI agents on Triton, and more broadly on any computer you use. 
-We ask for your cooperation and we would like you to: + +How do I run a coding agent? Am I running an agent on Triton? +-------------------------------------------------------------- + +It depends on your workflow. Here some of the most common setups: + +#. **VS Code (or other editor) with coding agent running only on your computer:** You run + VS Code on your computer with + `coding agent extensions `__ + (GitHub Copilot, Cline, Claude Code, etc) without any remote SSH to Triton. Queries are + sent to an external Large Language Model (LLM) provider and you should have an account + there (info on accounts at the bottom of this page). Nothing runs on Triton, so this is + fine from a cluster perspective, but you can still face many of the risks listed in the + table below. + +#. **CLI agent only on your computer:** This is similar to the scenario above, but this time + you use a command line interface tool like Claude Code or OpenAI Codex. You are running + the agent locally on your computer and your code and data are sent to the remote LLM + provider. Again, nothing runs on Triton. + +#. **VSCode with remote SSH to Triton:** You open VS Code on your computer, but this time you + connect to ``triton.aalto.fi`` via remote SSH. In this case VS Code server runs on Triton's + login node and any coding agent extension also runs there. + +#. **CLI agents over SSH on Triton:** You SSH into ``triton.aalto.fi`` and from the terminal + start a command line agent such as Claude Code or OpenAI Codex. The agent runs on the + login node and sends your code and other data it can access to the remote LLM provider. + +*If you are not sure about these workflows, just come and chat with us at the daily zoom +garage.* + + +I am running a coding agent, what should I do? +----------------------------------------------- + +If you are running a coding agent, we ask for your cooperation and we would like you to: #. 
Tell us which agent you use and how you use it at the `daily zoom garage `__ or in the `Zulip chat `__. -#. Be aware of what could go wrong, we summarised some of the risks in the table below. +#. Be aware of what could go wrong. We summarised some of the risks in the table below. #. Save your work frequently. Triton admins will have to kill agent processes (or other processes) if they affect system stability. #. If you (or we) suspect that something went wrong with your agent, we are happy to check @@ -28,8 +63,8 @@ We ask for your cooperation and we would like you to: We will get in touch with those of you running AI agents. -Common problems and how to avoid them --------------------------------------- +Common problems with coding agents and how to avoid them +--------------------------------------------------------- The table below summarises some of the things that could go wrong and how you could mitigate risks. @@ -50,6 +85,18 @@ risks. installations *before* running the agent. For your own computers: never run agents with elevated privileges. In general: avoid using the most recent version of packages. Read more at the `OWASP website `__. + * - Prompt injection + - Agents read files, documentation, and web pages as part of their work. A malicious + package README, a GitHub comment, or webpage may contain hidden instructions that + hijack the agent's behaviour — for example, causing it to execute unexpected commands. + This is called prompt injection and is difficult to detect. + - Be cautious about which URLs or repositories you let the agent browse. Some agents + also use "skills" — installable extensions written as markdown files — which can + contain malicious instructions. Review what the agent does after it reads external + content and check which skills your agent is using. Prefer agents that ask for + confirmation before taking actions following a web or file lookup. See also: + `an extensive review article on prompt injection attacks + `__. 
* - Code & data confidentiality - Code, file contents, and error messages are sent to an external LLM provider's servers. Sensitive data, unpublished results, personal data (GDPR), or secrets (passwords, API @@ -66,11 +113,14 @@ risks. * - Triton cluster stability - Agents may submit batch jobs, run shell commands, spawn runaway loops, or consume excessive CPU/memory/I/O, affecting all users on shared infrastructure (e.g. login - node). Agents can also aggressively monitor running jobs via squeue/sacct queries, - which put heavy load on the Slurm controller and cause instabilities for all users. - - Monitor your agent sessions actively, ideally don't run more than one agent. Terminate - processes that behave unexpectedly. If agents become disruptive, we might need to set - up some automations to moderate their activities so that other users are not affected. + node). Patterns that are fine on a laptop can cause serious problems on a cluster: + agents aggressively monitoring running jobs via squeue/sacct queries, submitting tens + of thousands of small jobs instead of combining them, or aggressive I/O patterns can + all cause instabilities for other users. Agents don't know Triton's specific setup: + always verify Slurm job parameters against the Triton documentation before submitting. + - Monitor your agent sessions actively; ideally don't run more than one agent. Terminate + processes that behave unexpectedly. If agents become disruptive, we may introduce + automations to moderate their activities so that other users are not affected. * - Login node availability - If the login node becomes unstable, Triton admins will stop active agentic processes without prior notice before attempting a reboot. In-progress work may be lost. @@ -106,7 +156,9 @@ risks. - There are no officially approved ways to use AI agents on Aalto systems. - With some agents (e.g. 
Codex) it is possible to use endpoints hosted in the EU Azure datacentre similarly to what is done with `ai.aalto.fi `__. This - requires some extra set-up and is currently being tested. + requires some extra set-up and is currently being tested. In general these tools can + never be 100% secure, so it is best to work only with public data, or fake synthetic + data. * - Ethical and responsible AI - Using generative AI systems built on `data scraped without explicit consent from creators or copyright holders @@ -117,6 +169,22 @@ risks. than done: let's work on this together! +Accounts to remote AI systems +------------------------------ + +The coding agent itself is just a script that packages your code, questions, plans, and data +into a clever "prompt" that is sent to a remote AI system — very similar to chatting with +ChatGPT or `duck.ai `__, but this time you do not control what is sent to the +remote large language model. While some chatbots are free and require no accounts (e.g. +`duck.ai `__), coding agents want you to register and in most cases you need +to buy the service from the provider (e.g. OpenAI for Codex or Anthropic for Claude Code). +GitHub Copilot allows some free credits for GitHub accounts that are +`registered as a teacher `__ +(in practice this is suitable for any Aalto researcher or academic staff, since they are all +teaching assistants or supervisors/mentors of other students or researchers). There are some +ways to use open-source large language models and we will document them later. 
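To make the "clever prompt" above concrete, here is a toy sketch of the packaging step. The JSON shape and the model name are invented for illustration, and nothing is actually sent anywhere:

```shell
# Toy illustration of what a coding agent does before contacting its
# LLM provider: it bundles your instruction together with any file
# contents it can read into one request body. The field names and
# model name below are hypothetical; no network request is made.
echo "df = load_data('patients.csv')" > analysis.py   # toy project file

instruction="Fix the failing test"
cat > request.json <<EOF
{
  "model": "example-llm",
  "system": "You are a coding agent.",
  "user": "$instruction\n\nContents of analysis.py:\n$(cat analysis.py)"
}
EOF

# Everything in request.json -- including analysis.py -- leaves your machine.
wc -c request.json
```

Note that the agent, not you, decides which files end up in this bundle, which is why the table above recommends keeping secrets and sensitive data out of any folder the agent can access.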
+ + Recommendations for specific agents ------------------------------------- From d561bb9f55cd94d1574d96570c76df4b03214d99 Mon Sep 17 00:00:00 2001 From: Enrico Glerean Date: Tue, 14 Apr 2026 11:25:57 +0300 Subject: [PATCH 4/9] renaming and moving --- triton/usage/ai-agents.rst | 191 +++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 triton/usage/ai-agents.rst diff --git a/triton/usage/ai-agents.rst b/triton/usage/ai-agents.rst new file mode 100644 index 000000000..ea2208ca9 --- /dev/null +++ b/triton/usage/ai-agents.rst @@ -0,0 +1,191 @@ +AI Agents on HPC +================ + +AI agents like `Claude Code `__ or +`OpenAI Codex `__ (via Command Line Interface or +`VSCode plugin `__) +are getting popular and some of our Triton users have started using them for coding assistance +or Slurm monitoring and job management. We want to encourage researchers to use these tools +responsibly, and to learn together how to use them well. + +AI agents are powerful and can introduce security risks or disruptions for you and for other +users of the cluster. We want to develop good practices for working with AI agents on Triton, +and more broadly on any computer you use. + + +How do I run a coding agent? Am I running an agent on Triton? +-------------------------------------------------------------- + +It depends on your workflow. Here some of the most common setups: + +#. **VS Code (or other editor) with coding agent running only on your computer:** You run + VS Code on your computer with + `coding agent extensions `__ + (GitHub Copilot, Cline, Claude Code, etc) without any remote SSH to Triton. Queries are + sent to an external Large Language Model (LLM) provider and you should have an account + there (info on accounts at the bottom of this page). Nothing runs on Triton, so this is + fine from a cluster perspective, but you can still face many of the risks listed in the + table below. + +#. 
**CLI agent only on your computer:** This is similar to the scenario above, but this time
   you use a command-line interface tool such as Claude Code or OpenAI Codex. You are running
   the agent locally on your computer, and your code and data are sent to the remote LLM
   provider. Again, nothing runs on Triton.

#. **VS Code with remote SSH to Triton:** You open VS Code on your computer, but this time you
   connect to ``triton.aalto.fi`` via remote SSH. In this case the VS Code server runs on
   Triton's login node, and any coding agent extension also runs there.

#. **CLI agents over SSH on Triton:** You SSH into ``triton.aalto.fi`` and from the terminal
   start a command-line agent such as Claude Code or OpenAI Codex. The agent runs on the
   login node and sends your code, and any other data it can access, to the remote LLM
   provider.

*If you are not sure about these workflows, just come and chat with us at the daily zoom
garage.*


I am running a coding agent, what should I do?
-----------------------------------------------

If you are running a coding agent, we ask for your cooperation and would like you to:

#. Tell us which agent you use and how you use it at the `daily zoom garage
   `__ or in the `Zulip chat
   `__.
#. Be aware of what could go wrong. We summarised some of the risks in the table below.
#. Save your work frequently. Triton admins will have to kill agent processes (or other
   processes) if they affect system stability.
#. If you (or we) suspect that something went wrong with your agent, we are happy to check
   the logs with you.
#. Finally, keep in mind that responsibility always lies with the person operating the AI
   agent; if something goes wrong, the AI itself cannot be held accountable.

We will get in touch with those of you running AI agents.
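One concrete way to follow the "save your work frequently" advice is to snapshot your project with git before each agent session. A minimal sketch, using a throwaway demo repository (in practice you would run only the snapshot commands, yourself, inside your own project):

```shell
# Demo setup: a throwaway repository standing in for your real project.
proj=$(mktemp -d) && cd "$proj"
git init -q .
git config user.email you@example.org
git config user.name "Your Name"
echo "print('hello')" > analysis.py

# The actual pre-agent snapshot: run these yourself, in a separate
# terminal, rather than delegating them to the agent.
git add -A
git commit -q -m "snapshot before agent session"
tag="pre-agent-$(date +%Y%m%d-%H%M%S)"
git tag "$tag"
echo "If the agent mangles something: git reset --hard $tag"
```

The tag name is just a convention; any scheme that gives you a known-good rollback point works.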
+ + +Common problems with coding agents and how to avoid them +--------------------------------------------------------- + +The table below summarises some of the things that could go wrong and how you could mitigate +risks. + +.. list-table:: + :header-rows: 1 + :widths: 20 40 40 + + * - Category + - What could go wrong? + - What should I do? + * - Software & supply chain + - Agents may install packages automatically from public registries (PyPI, npm, CRAN, + Conda-Forge, etc.). Some may be malicious, compromised, or part of + `typosquatting `__ /dependency confusion + attacks. + - Review what gets installed during and after sessions, or, even better, take care of + installations *before* running the agent. For your own computers: never run agents with + elevated privileges. In general: avoid using the most recent version of packages. Read + more at the `OWASP website `__. + * - Prompt injection + - Agents read files, documentation, and web pages as part of their work. A malicious + package README, a GitHub comment, or webpage may contain hidden instructions that + hijack the agent's behaviour — for example, causing it to execute unexpected commands. + This is called prompt injection and is difficult to detect. + - Be cautious about which URLs or repositories you let the agent browse. Some agents + also use "skills" — installable extensions written as markdown files — which can + contain malicious instructions. Review what the agent does after it reads external + content and check which skills your agent is using. Prefer agents that ask for + confirmation before taking actions following a web or file lookup. See also: + `an extensive review article on prompt injection attacks + `__. + * - Code & data confidentiality + - Code, file contents, and error messages are sent to an external LLM provider's servers. + Sensitive data, unpublished results, personal data (GDPR), or secrets (passwords, API + keys, tokens) may be exposed. 
+ - Never process sensitive or confidential data through an agent: instead, work with + synthetic data. Keep secrets out of files/folders the agent can access. Running the + agent inside a container can limit its potential *blast radius*. + * - LLM provider data retention + - The LLM provider may retain your queries according to their own privacy policy + (`up to 5 years for Claude `__, + `30 days for OpenAI `__). + - Read and understand the privacy policy of the AI tool you are using before your first + session. Not sure? Get in touch with us. + * - Triton cluster stability + - Agents may submit batch jobs, run shell commands, spawn runaway loops, or consume + excessive CPU/memory/I/O, affecting all users on shared infrastructure (e.g. login + node). Patterns that are fine on a laptop can cause serious problems on a cluster: + agents aggressively monitoring running jobs via squeue/sacct queries, submitting tens + of thousands of small jobs instead of combining them, or aggressive I/O patterns can + all cause instabilities for other users. Agents don't know Triton's specific setup: + always verify Slurm job parameters against the Triton documentation before submitting. + - Monitor your agent sessions actively; ideally don't run more than one agent. Terminate + processes that behave unexpectedly. If agents become disruptive, we may introduce + automations to moderate their activities so that other users are not affected. + * - Login node availability + - If the login node becomes unstable, Triton admins will stop active agentic processes + without prior notice before attempting a reboot. In-progress work may be lost. + - Save your work frequently. Do not rely on long-running unsupervised agent sessions on + the Triton login node. + * - Autonomous file actions + - Agents can modify, overwrite, or delete files without asking for confirmation at each + step. 
- Use version control (git) or take backups before and during agent sessions (remember:
       scratch is not backed up). Don't delegate git commands to your agent; instead ask which
       commands to run and run them yourself in a separate terminal. Ideally the agent does
       not have access to your git credentials (keys or password).
   * - Agent mistakes & hallucinations
     - Agents may misinterpret instructions or produce plausible-looking but incorrect
       commands or code, resulting in invalid research findings.
     - Review all agent-generated changes before using them in research or production
       workflows. Publishing results that are fabricated or falsified is academic misconduct
       and can result in retraction.
   * - Copyright & plagiarism
     - AI-generated code may incorporate patterns from copyrighted training data.
       `Finnish `__
       and `European research integrity guidelines `__
       require disclosure of AI assistance in publications and grant applications.
     - Check licensing of generated code. Disclose AI assistance as required by the
       `ALLEA European Code of Conduct for Research Integrity
       `__.
   * - Third-party terms of service and support
     - Each AI coding tool (e.g. GitHub Copilot, Cursor, Cline, Continue.dev) has its own
       terms of service. Neither Triton admins nor Aalto IT services provide support for
       these tools.
     - Read and comply with the terms of service of each tool you use. Tool-specific issues
       should be discussed with the provider of the tool.
   * - Aalto approved tools
     - There are no officially approved ways to use AI agents on Aalto systems.
     - With some agents (e.g. Codex) it is possible to use endpoints hosted in the EU Azure
       datacentre, similarly to what is done with `ai.aalto.fi `__. This
       requires some extra set-up and is currently being tested. In general these tools can
       never be 100% secure, so it is best to work only with public data or fake synthetic
       data.
+ * - Ethical and responsible AI + - Using generative AI systems built on + `data scraped without explicit consent from creators or copyright holders + `__ + and `significantly affecting the environment `__ + might not align with your ethical principles. + - Consider using AI tools which were built responsibly. Unfortunately this is easier said + than done: let's work on this together! + + +Accounts to remote AI systems +------------------------------ + +The coding agent itself is just a script that packages your code, questions, plans, and data +into a clever "prompt" that is sent to a remote AI system — very similar to chatting with +ChatGPT or `duck.ai `__, but this time you do not control what is sent to the +remote large language model. While some chatbots are free and require no accounts (e.g. +`duck.ai `__), coding agents want you to register and in most cases you need +to buy the service from the provider (e.g. OpenAI for Codex or Anthropic for Claude Code). +GitHub Copilot allows some free credits for GitHub accounts that are +`registered as a teacher `__ +(in practice this is suitable for any Aalto researcher or academic staff, since they are all +teaching assistants or supervisors/mentors of other students or researchers). There are some +ways to use open-source large language models and we will document them later. + + +Recommendations for specific agents +------------------------------------- + +We will update our recommendations here based on users' feedback. 
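One pattern from the cluster-stability row above can already be sketched: instead of letting an agent loop over ``sbatch`` thousands of times, combine small tasks into a single array job. The resource values and the ``process_one.py`` script below are placeholders; always check the Triton documentation before submitting anything:

```shell
# Sketch of one Slurm array job replacing 1000 individual submissions.
# All resource values are placeholders -- verify them against the Triton
# docs; process_one.py is a hypothetical per-input script.
cat > combined_tasks.sh <<'EOF'
#!/bin/bash
#SBATCH --time=00:30:00       # placeholder
#SBATCH --mem=2G              # placeholder
#SBATCH --array=0-999         # one array task per input, one submission
#SBATCH --output=logs/task_%a.out

srun python3 process_one.py --index "$SLURM_ARRAY_TASK_ID"
EOF

# Submit it yourself (not via an unsupervised agent):
#   sbatch combined_tasks.sh
```

A single array submission like this is far gentler on the Slurm controller than thousands of separate ``sbatch`` calls, and it is also easier for you to monitor and cancel.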
From c6aa7ab8e1d354d6475a9fa1a71b628b88476368 Mon Sep 17 00:00:00 2001
From: Enrico Glerean
Date: Tue, 14 Apr 2026 11:26:30 +0300
Subject: [PATCH 5/9] deleted

---
 triton/AI_agents_on_HPC.rst | 191 ------------------------------------
 1 file changed, 191 deletions(-)
 delete mode 100644 triton/AI_agents_on_HPC.rst

diff --git a/triton/AI_agents_on_HPC.rst b/triton/AI_agents_on_HPC.rst
deleted file mode 100644
index ea2208ca9..000000000
--- a/triton/AI_agents_on_HPC.rst
+++ /dev/null
@@ -1,191 +0,0 @@
-AI Agents on HPC
-================
-
-AI agents like `Claude Code `__ or
-`OpenAI Codex `__ (via a command-line interface or
-`VSCode plugin `__)
-are getting popular and some of our Triton users have started using them for coding assistance
-or Slurm monitoring and job management. We want to encourage researchers to use these tools
-responsibly, and to learn together how to use them well.
-
-AI agents are powerful and can introduce security risks or disruptions for you and for other
-users of the cluster. We want to develop good practices for working with AI agents on Triton,
-and more broadly on any computer you use.
-
-
-How do I run a coding agent? Am I running an agent on Triton?
---------------------------------------------------------------
-
-It depends on your workflow. Here are some of the most common setups:
-
-#. **VS Code (or other editor) with coding agent running only on your computer:** You run
-   VS Code on your computer with
-   `coding agent extensions `__
-   (GitHub Copilot, Cline, Claude Code, etc.) without any remote SSH to Triton. Queries are
-   sent to an external Large Language Model (LLM) provider and you should have an account
-   there (info on accounts at the bottom of this page). Nothing runs on Triton, so this is
-   fine from a cluster perspective, but you can still face many of the risks listed in the
-   table below.
-
-#. **CLI agent only on your computer:** This is similar to the scenario above, but this time
-   you use a command-line interface tool like Claude Code or OpenAI Codex. You are running
-   the agent locally on your computer and your code and data are sent to the remote LLM
-   provider. Again, nothing runs on Triton.
-
-#. **VS Code with remote SSH to Triton:** You open VS Code on your computer, but this time
-   you connect to ``triton.aalto.fi`` via remote SSH. In this case the VS Code server runs
-   on Triton's login node and any coding agent extension also runs there.
-
-#. **CLI agents over SSH on Triton:** You SSH into ``triton.aalto.fi`` and from the terminal
-   start a command-line agent such as Claude Code or OpenAI Codex. The agent runs on the
-   login node and sends your code and other data it can access to the remote LLM provider.
-
-*If you are not sure about these workflows, just come and chat with us at the daily zoom
-garage.*
-
-
-I am running a coding agent, what should I do?
------------------------------------------------
-
-If you are running a coding agent, we ask for your cooperation and would like you to:
-
-#. Tell us which agent you use and how you use it at the `daily zoom garage
-   `__ or in the `Zulip chat
-   `__.
-#. Be aware of what could go wrong. We summarised some of the risks in the table below.
-#. Save your work frequently. Triton admins will have to kill agent processes (or other
-   processes) if they affect system stability.
-#. If you (or we) suspect that something went wrong with your agent, we are happy to check
-   the logs with you.
-#. Finally, keep in mind that responsibility always lies with the person operating the AI
-   agent; if something goes wrong, the AI itself cannot be held accountable.
-
-We will get in touch with those of you running AI agents.
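If you are not sure which of the setups above applies to you, listing your own processes on the login node shows whether anything agent-related runs there. A minimal sketch; the process names to look for (``node``, ``claude``, ``codex``) are typical examples, not an exhaustive list:

```shell
# List your own processes on the current node; a VS Code server or a CLI
# agent shows up here if your setup runs it on this machine.
ps -u "$(id -un)" -o pid=,comm=
```

If the output contains only your shell, ``ps`` itself, and your SSH session processes, nothing agent-related is running on that node.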
- - -Common problems with coding agents and how to avoid them ---------------------------------------------------------- - -The table below summarises some of the things that could go wrong and how you could mitigate -risks. - -.. list-table:: - :header-rows: 1 - :widths: 20 40 40 - - * - Category - - What could go wrong? - - What should I do? - * - Software & supply chain - - Agents may install packages automatically from public registries (PyPI, npm, CRAN, - Conda-Forge, etc.). Some may be malicious, compromised, or part of - `typosquatting `__ /dependency confusion - attacks. - - Review what gets installed during and after sessions, or, even better, take care of - installations *before* running the agent. For your own computers: never run agents with - elevated privileges. In general: avoid using the most recent version of packages. Read - more at the `OWASP website `__. - * - Prompt injection - - Agents read files, documentation, and web pages as part of their work. A malicious - package README, a GitHub comment, or webpage may contain hidden instructions that - hijack the agent's behaviour — for example, causing it to execute unexpected commands. - This is called prompt injection and is difficult to detect. - - Be cautious about which URLs or repositories you let the agent browse. Some agents - also use "skills" — installable extensions written as markdown files — which can - contain malicious instructions. Review what the agent does after it reads external - content and check which skills your agent is using. Prefer agents that ask for - confirmation before taking actions following a web or file lookup. See also: - `an extensive review article on prompt injection attacks - `__. - * - Code & data confidentiality - - Code, file contents, and error messages are sent to an external LLM provider's servers. - Sensitive data, unpublished results, personal data (GDPR), or secrets (passwords, API - keys, tokens) may be exposed. 
-     - Never process sensitive or confidential data through an agent: instead, work with
-       synthetic data. Keep secrets out of files/folders the agent can access. Running the
-       agent inside a container can limit its potential *blast radius*.
-   * - LLM provider data retention
-     - The LLM provider may retain your queries according to their own privacy policy
-       (`up to 5 years for Claude `__,
-       `30 days for OpenAI `__).
-     - Read and understand the privacy policy of the AI tool you are using before your first
-       session. Not sure? Get in touch with us.
-   * - Triton cluster stability
-     - Agents may submit batch jobs, run shell commands, spawn runaway loops, or consume
-       excessive CPU/memory/I/O, affecting all users on shared infrastructure (e.g. login
-       node). Patterns that are fine on a laptop can cause serious problems on a cluster:
-       agents aggressively monitoring running jobs via ``squeue``/``sacct`` queries,
-       submitting tens of thousands of small jobs instead of combining them, or heavy I/O
-       patterns can all cause instabilities for other users. Agents don't know Triton's
-       specific setup: always verify Slurm job parameters against the Triton documentation
-       before submitting.
-     - Monitor your agent sessions actively; ideally don't run more than one agent. Terminate
-       processes that behave unexpectedly. If agents become disruptive, we may introduce
-       automations to moderate their activities so that other users are not affected.
-   * - Login node availability
-     - If the login node becomes unstable, Triton admins will stop active agentic processes
-       without prior notice before attempting a reboot. In-progress work may be lost.
-     - Save your work frequently. Do not rely on long-running unsupervised agent sessions on
-       the Triton login node.
-   * - Autonomous file actions
-     - Agents can modify, overwrite, or delete files without asking for confirmation at each
-       step.
-     - Use version control (git) or take backups before and during agent sessions (remember:
-       scratch is not backed up). Don't delegate git commands to your agent; instead, ask it
-       which commands to run and run them yourself in a separate terminal. Ideally the agent
-       should not have access to your git credentials (keys or password).
-   * - Agent mistakes & hallucinations
-     - Agents may misinterpret instructions or produce plausible-looking but incorrect
-       commands or code, resulting in invalid research findings.
-     - Review all agent-generated changes before using them in research or production
-       workflows. Publishing results that are fabricated or falsified is academic misconduct
-       and can result in retraction.
-   * - Copyright & plagiarism
-     - AI-generated code may incorporate patterns from copyrighted training data.
-       `Finnish `__
-       and `European research integrity guidelines `__
-       require disclosure of AI assistance in publications and grant applications.
-     - Check licensing of generated code. Disclose AI assistance as required by the
-       `ALLEA European Code of Conduct for Research Integrity
-       `__.
-   * - Third-party terms of service and support
-     - Each AI coding tool (e.g., GitHub Copilot, Cursor, Cline, Continue.dev) has its own
-       terms of service. Triton admins and IT services do not provide support for these
-       tools.
-     - Read and comply with the terms of service of each tool you use. Tool-specific issues
-       should be discussed with the provider of the tool.
-   * - Aalto approved tools
-     - There are no officially approved ways to use AI agents on Aalto systems.
-     - With some agents (e.g. Codex) it is possible to use endpoints hosted in the EU Azure
-       datacentre, similarly to what is done with `ai.aalto.fi `__. This
-       requires some extra set-up and is currently being tested. In general these tools can
-       never be 100% secure, so it is best to work only with public data or synthetic data.
-   * - Ethical and responsible AI
-     - Using generative AI systems built on
-       `data scraped without explicit consent from creators or copyright holders
-       `__
-       and `significantly affecting the environment `__
-       might not align with your ethical principles.
-     - Consider using AI tools that were built responsibly. Unfortunately this is easier said
-       than done: let's work on this together!
-
-
-Accounts to remote AI systems
-------------------------------
-
-The coding agent itself is just a script that packages your code, questions, plans, and data
-into a clever "prompt" that is sent to a remote AI system — very similar to chatting with
-ChatGPT or `duck.ai `__, but this time you do not control what is sent to the
-remote large language model. While some chatbots are free and require no accounts (e.g.
-`duck.ai `__), coding agents require you to register, and in most cases you
-need to buy the service from the provider (e.g. OpenAI for Codex or Anthropic for Claude
-Code). GitHub Copilot offers some free credits for GitHub accounts that are
-`registered as a teacher `__
-(in practice this covers most Aalto researchers and academic staff, since they typically
-work as teaching assistants or supervise and mentor other students or researchers). There
-are some ways to use open-source large language models and we will document them later.
-
-
-Recommendations for specific agents
--------------------------------------
-
-We will update our recommendations here based on users' feedback.

From b89c22030d2785fa1132810a2dfd5a4169f6383a Mon Sep 17 00:00:00 2001
From: Enrico Glerean
Date: Tue, 14 Apr 2026 11:27:27 +0300
Subject: [PATCH 6/9] removing linking section about AI agents

---
 triton/usagepolicy.rst | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/triton/usagepolicy.rst b/triton/usagepolicy.rst
index d7ea45fa7..9c8586622 100644
--- a/triton/usagepolicy.rst
+++ b/triton/usagepolicy.rst
@@ -77,13 +77,6 @@ these conditions of use:
 `.
-AI agents on Triton
--------------------
-
-If you use AI coding agents (e.g. Claude Code, OpenAI Codex) on Triton or any other
-computer connected to our infrastructure, please read our policy on acceptable use,
-risks, and required cooperation:
-
-:doc:`AI Agents on HPC `

From 6b459d510aaaebd279f54f1c7409956 Mon Sep 17 00:00:00 2001
From: Enrico Glerean
Date: Tue, 14 Apr 2026 11:41:02 +0300
Subject: [PATCH 7/9] linking ai-agents page from vscode app page

---
 triton/apps/vscode.rst | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/triton/apps/vscode.rst b/triton/apps/vscode.rst
index 9b33c57c4..b240e28bf 100644
--- a/triton/apps/vscode.rst
+++ b/triton/apps/vscode.rst
@@ -1,8 +1,13 @@
-VSCode on Triton
-================
+VSCode and AI coding agents on Triton
+=====================================
 
 VSCode is a text editor and IDE (Integrated Development Environment). It is
-very popular these days, partly due to it's good usability.
+very popular these days, partly due to its good usability. AI coding agents
+are also getting very popular. They can be installed as a VSCode extension or
+run as command-line interface (CLI) tools.
+
+**This page covers VSCode usage on Triton without AI coding agents.** Read more
+about :doc:`how to use AI coding agents on Triton <../usage/ai-agents>`.

From 46e2feb3912f749da0a1a70a577e52d2be704932 Mon Sep 17 00:00:00 2001
From: Enrico Glerean
Date: Tue, 14 Apr 2026 11:59:37 +0300
Subject: [PATCH 8/9] cleaning

---
 triton/usagepolicy.rst | 2 --
 1 file changed, 2 deletions(-)

diff --git a/triton/usagepolicy.rst b/triton/usagepolicy.rst
index 9c8586622..50a0ee81a 100644
--- a/triton/usagepolicy.rst
+++ b/triton/usagepolicy.rst
@@ -77,8 +77,6 @@ these conditions of use:
 `.
 
-:doc:`AI Agents on HPC `
-
 .. _privacypolicy:

From b115d704623a4aa9d0ab7fb1867569fccd4ff02c Mon Sep 17 00:00:00 2001
From: Enrico Glerean
Date: Tue, 14 Apr 2026 12:39:08 +0300
Subject: [PATCH 9/9] on the confidentiality row it is mentioned now that
 agents can expose code to other users of the cluster

---
 triton/usage/ai-agents.rst | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/triton/usage/ai-agents.rst b/triton/usage/ai-agents.rst
index ea2208ca9..05c32ca9f 100644
--- a/triton/usage/ai-agents.rst
+++ b/triton/usage/ai-agents.rst
@@ -100,10 +100,13 @@ risks.
    * - Code & data confidentiality
      - Code, file contents, and error messages are sent to an external LLM provider's servers.
        Sensitive data, unpublished results, personal data (GDPR), or secrets (passwords, API
-       keys, tokens) may be exposed.
+       keys, tokens) may be exposed. You might also expose code to other users of the shared
+       HPC node (e.g. login node).
      - Never process sensitive or confidential data through an agent: instead, work with
        synthetic data. Keep secrets out of files/folders the agent can access. Running the
-       agent inside a container can limit its potential *blast radius*.
+       agent inside a container can limit its potential *blast radius*. CLI agents like Claude
+       Code also typically run ``python -c `` commands, which are visible to other
+       users of the cluster.
    * - LLM provider data retention
      - The LLM provider may retain your queries according to their own privacy policy
        (`up to 5 years for Claude `__,
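The command-line visibility issue mentioned in the last change above can be demonstrated on any Linux machine: whatever is passed on a command line can be read by every user on the node through ``/proc`` (or plain ``ps``). A small sketch with a hypothetical inline secret:

```shell
# Start a process carrying a "secret" in its command line (a stand-in
# for code an agent might run inline with `python -c`).
python3 -c "import time; token = 'hunter2'; time.sleep(30)" &
pid=$!
sleep 1   # give the interpreter a moment to start

# Any user on the node can read the full command line, secret included:
tr '\0' ' ' < "/proc/$pid/cmdline"; echo

kill "$pid"
# Safer pattern: keep the code in a file readable only by you and run
# `python3 script.py`; then only the file name shows up in the process
# list, not its contents.
```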