HackerTrans
TopNewTrendsCommentsPastAskShowJobs

radku

no profile record

Submissions

Show HN: AVP – an agent can't leak a secret it never had

github.com
3 points·by radku·قبل 30 يومًا·1 comments

comments

radku
·قبل 18 يومًا·discuss
I have pretty much almost this exact setup with 2x3090s and with slightly faster DDR4 512GB and 64 core Epyc! [0] I've been enjoying it a lot. Can't wait to give this model a try.

Apart of running local models I use this rig as my main remote development platform. All Claude Code sessions are running there in tmux now. And my fingers can't be happier not having to deal with constantly hot laptop. Not to mention that Claude Code is such a battery hog.

[0] https://medium.com/@rathko/i-built-an-epyc-64-core-512gb-ram...
radku
·قبل 22 يومًا·discuss
Congrats on the launch!

Will this solution work with services protected by cloudflare turnstile or captchas? Does this involve human in a loop?
radku
·قبل 22 يومًا·discuss
No privacy policy whatsoever?
radku
·قبل 27 يومًا·discuss
I'm working on OSS security tool that can protect you form credential stealers (think Shai-hulud and similar) or prompt-injected agent leaking your secrets.

agent-vault-proxy is a local proxy that injects real secrets into requests in-flight, so a compromised or prompt-injected agent has nothing to steal, feedback welcome: https://github.com/inflightsec/agent-vault-proxy
radku
·قبل 30 يومًا·discuss
Nice work shipping this.

Disclosure: author of a related tool here. I have create agent-vault-proxy for a very similar reason. It also can help keep credentials out of the agent process. The agent gets a placeholder, the proxy swaps in the real secret in transit.

I read them as complementary: action firewall in front, credential broker behind. https://github.com/inflightsec/agent-vault-proxy
radku
·قبل شهرين·discuss
AI is actually pretty good at finding vulnerabilities in the codebase.

Critical vulnerability in that source code could enable further access to other production systems or databases.

Edit: typo
radku
·قبل شهرين·discuss
Hope ask.com knowledge can be preserved in open source LLMs for future generations.
radku
·قبل 3 أشهر·discuss
This could significantly impact security of large parts of web ecosystem.

Perhaps Node.js can switch to a VDP, no-bounty program. From Hacker One: "VDP is designed solely for receiving, validating, and addressing security reports without a paid bounty element"
radku
·قبل 3 أشهر·discuss
Agreed. Personally I think about it as massaging a text with LLM is like applying filters to your pictures.

The text probably have been based entirely on the internal notes and investigations and is very informative. Would it be better if the OP wrote it entirely by themselves? Not necessarily.
radku
·قبل 4 أشهر·discuss
Hammerspoon helped me have a F12 shortcut for Ghostty (the only feature I missed from guake on mac)! I love it