HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sarelta

no profile record

Submissions

Build and deploy hosted sites from Codex with the Sites plugin

developers.openai.com
2 points·by sarelta·letzten Monat·1 comments

GitHub Copilot CLI downloads and executes malware

promptarmor.com
62 points·by sarelta·vor 4 Monaten·22 comments

Data exfil from agents in messaging apps

promptarmor.com
34 points·by sarelta·vor 5 Monaten·6 comments

comments

sarelta
·vor 6 Monaten·discuss
this is sick, Claude Code X Figma is exactly what I need -- wondering how this will compare performance-wise to just using Figma MCP
sarelta
·vor 6 Monaten·discuss
The attacker isn't the dev -- the attacker is a third party that poisoned the online data that is ingested by the AI tool.

- Dev builds secure AI app - App defends against indirect prompt injection in data from the internet - Dev reviews the flagged log - Log affected by the injection is rendered, and the attacker who wrote the injection in the web data exfiltrates the data from the AI app user
sarelta
·vor 6 Monaten·discuss
thats nifty, so can attackers upload the user's codebase to the internet as a package?
sarelta
·vor 6 Monaten·discuss
I'm impressed Superhuman seems to have handled this so well - lots of big names are fumbling with AI vuln disclosures. Grammarly is not necessarily who I would have bet on to get it right