HackerTrans
TopNewTrendsCommentsPastAskShowJobs

arizza

no profile record

comments

arizza
·4 months ago·discuss
[dead]
arizza
·4 months ago·discuss
The published transcripts are the most valuable part of this. We've found that real exploit chains almost never look like what you'd dream up internally. One thing I'd push on is are the agents stateful across attempts? Single-turn exploits are table stakes, but the failures that actually scare me are multi-step sequences where each individual action looks benign and only the session-level pattern is dangerous. That's where prompt-level guardrails completely fall apart and you need enforcement at the action boundary itself.
arizza
·4 months ago·discuss
The part people miss is that prompt injection is just the delivery mechanism but the actual vulnerability is that there's no enforcement layer between the agent's decision and the action firing. You can harden the prompt all you want, but if the agent resolves to "send email with attachment" after parsing a poisoned webpage, nothing stops it unless you have a deterministic gate at the action boundary that validates against policy before execution.