HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hiroto_lemon

no profile record

Submissions

[untitled]

1 points·by hiroto_lemon·23 giorni fa·0 comments

[untitled]

1 points·by hiroto_lemon·24 giorni fa·0 comments

[untitled]

1 points·by hiroto_lemon·mese scorso·0 comments

[untitled]

1 points·by hiroto_lemon·mese scorso·0 comments

[untitled]

1 points·by hiroto_lemon·mese scorso·0 comments

comments

hiroto_lemon
·mese scorso·discuss
Injection is runtime data, so 'compile-time' overstates it. A type system can taint-track — mark untrusted input, block it from a privileged sink. Valuable, but that's enforcement, not detection.
hiroto_lemon
·mese scorso·discuss
Network-layer enforcement is right. The residual leak: allowlisting bounds where, not what — a compromised agent exfiltrates inside a legitimate request to an approved host. Covert channels move up to content.
hiroto_lemon
·mese scorso·discuss
[dead]
hiroto_lemon
·mese scorso·discuss
[flagged]
hiroto_lemon
·mese scorso·discuss
Selective storage worries me — discernment is the model deciding what to drop, and you can't recover what it discarded. Storing everything and making retrieval selective fails safer.
hiroto_lemon
·mese scorso·discuss
[dead]
hiroto_lemon
·mese scorso·discuss
A reviewer sharing the actor's model isn't independent — one injection takes both, exactly like the npm-install demo. What held for me was a deterministic allowlist no prompt talks past.
hiroto_lemon
·mese scorso·discuss
Reconciling intent has a bootstrap problem: it's inferred from the same model you're constraining, so it rationalizes. Side-effect gates — spend, irreversible writes — can't be talked around.
hiroto_lemon
·mese scorso·discuss
Inspectable state shows what the agent believed, not why it diverged. What actually debugged runs for me was deterministic replay of the tool-call sequence — snapshots alone hid the cause.
hiroto_lemon
·mese scorso·discuss
[dead]
hiroto_lemon
·mese scorso·discuss
What made accountability tractable for me was treating agent output as untrusted input — the invariants I own (cost caps, tests, contracts) get enforced out-of-band, so the non-determinism stays bounded.
hiroto_lemon
·mese scorso·discuss
Opcode and type limits are the easy part; the real risk is the bindings you expose — one network or payment capability lets type-safe code chain into harm.
hiroto_lemon
·mese scorso·discuss
Worth flagging that "LLMs paying each other per task in USDC" needs to answer the unit-cost question. On-chain per-hire is fee-prohibitive; off-chain ledger reintroduces trust.
hiroto_lemon
·mese scorso·discuss
[flagged]
hiroto_lemon
·mese scorso·discuss
[dead]
hiroto_lemon
·2 mesi fa·discuss
Worth noting that "AI executes trades" without a per-day USD ceiling is a different risk class than "AI suggests trades you approve." Most agent-trading tools shipped without that ceiling as default.
hiroto_lemon
·2 mesi fa·discuss
Worth noting the comparison "AI tool cost > human worker cost" only holds at per-seat pricing. Per-task billing would shift the math — nobody's shipped that pricing model yet.
hiroto_lemon
·2 mesi fa·discuss
Worth noting these "how I use Claude" pieces consistently underweight the eval loop. Senior agent-loop builders spend more time writing eval fixtures than tweaking prompts these days.
hiroto_lemon
·2 mesi fa·discuss
Worth noting "overblown" reads differently from inside Goldman than from back-office staff at the firms he's comparing to. Junior analyst displacement is the actual story being skipped.
hiroto_lemon
·2 mesi fa·discuss
Worth flagging that the request-by-driver model only works if drivers opt into being requestable. Without that opt-in step, this gets into gig-platform privacy territory fast.