HackerTrans
トップ新着トレンドコメント過去質問紹介求人

edf13

no profile record

投稿

Mythos Proves AI Safety Can No Longer Live Inside the Model

grith.ai
2 ポイント·投稿者 edf13·26 日前·0 コメント

Mythos Proves AI Safety Can No Longer Live Inside the Model

grith.ai
3 ポイント·投稿者 edf13·28 日前·0 コメント

The Risk Isn't Rogue AI. It's Plausible AI

grith.ai
2 ポイント·投稿者 edf13·30 日前·0 コメント

AI Makes Adding Features Faster – So Why Not Add Just One More?

grith.ai
3 ポイント·投稿者 edf13·2 か月前·2 コメント

AI Makes Adding Features Faster – So Why Not Add Just One More?

grith.ai
2 ポイント·投稿者 edf13·2 か月前·0 コメント

Vibe Coding Still Needs a Senior Engineer (For Now)

grith.ai
5 ポイント·投稿者 edf13·2 か月前·1 コメント

Five AI Agent Failures in 36 Days. Zero Times the Agent Caught It

grith.ai
3 ポイント·投稿者 edf13·2 か月前·1 コメント

The Vercel Breach Needed Malware. The Next One Needs a Bad Readme

grith.ai
1 ポイント·投稿者 edf13·3 か月前·3 コメント

Every Claude 4.7 Improvement Makes the Security Problem Worse

grith.ai
5 ポイント·投稿者 edf13·3 か月前·1 コメント

They Hacked Claude, Gemini, and Copilot (and No One Told You)

grith.ai
4 ポイント·投稿者 edf13·3 か月前·0 コメント

They Hacked Claude, Gemini, and Copilot (and No One Told You)

grith.ai
3 ポイント·投稿者 edf13·3 か月前·0 コメント

Prompt Injection Is Unfixable (So We Stopped Trying)

grith.ai
4 ポイント·投稿者 edf13·3 か月前·1 コメント

If Your AI Agent Ran NPM Install During the Axios Attack, You're Compromised

grith.ai
5 ポイント·投稿者 edf13·3 か月前·0 コメント

Zero Ambient Authority: The Principle That Should Govern Every AI Agent

grith.ai
3 ポイント·投稿者 edf13·3 か月前·0 コメント

Alibaba's AI Agent Hijacked GPUs and Dug Reverse SSH Tunnels

grith.ai
3 ポイント·投稿者 edf13·4 か月前·0 コメント

Claude now decides what's safe to run – a UX improvement, not a security fix

twitter.com
3 ポイント·投稿者 edf13·4 か月前·0 コメント

AI agents are now deciding what's safe to run (Claude Auto Mode)

grith.ai
3 ポイント·投稿者 edf13·4 か月前·0 コメント

The Trivy Supply Chain Attack Reached LiteLLM

grith.ai
3 ポイント·投稿者 edf13·4 か月前·1 コメント

Meta's Rogue AI Agent Gave Engineers Access They Shouldn't Have Had

grith.ai
1 ポイント·投稿者 edf13·4 か月前·0 コメント

Meta's Rogue AI Agent Gave Engineers Access They Shouldn't Have Had

grith.ai
3 ポイント·投稿者 edf13·4 か月前·0 コメント

コメント

edf13
·先月·議論
Odd… UK visitor and I get:

Website Not Allowed “⁦‪prismml.com‬⁩” is a restricted website.
edf13
·2 か月前·議論
Exactly - the flow of AI assistance makes it so much easier to get caught in the one more feature trap!
edf13
·2 か月前·議論
[dead]
edf13
·2 か月前·議論
Most of the AI-security discourse (and most of my posts) right now is about prompt injection and agent hijacking. But there are still the move-fast-break-things issues that are exacerbated with agentic coding/vibe coding...

I reviewed a colleague's vibe-coded internal tool last week, found 28 security issues, and none of them were that kind of bug - they were the same classic stuff juniors have always shipped, just produced at much higher throughput.

Wrote it up because the "senior engineer review" step quietly disappeared from a lot of AI-assisted workflows, and the bugs that step used to catch are still there (We are still needed!).
edf13
·2 か月前·議論
Ha ha... yes... that brings back memories!
edf13
·2 か月前·議論
My first was this monster:

https://en.wikipedia.org/wiki/Microsoft_Visual_SourceSafe
edf13
·3 か月前·議論
Manually review the package and override the setting
edf13
·3 か月前·議論
Anyone know of a similar tool to conductor for Linux?
edf13
·3 か月前·議論
Hand written I’m afraid… regular comments on this topic is true - it’s an area I’m very interested in.
edf13
·3 か月前·議論
Yes, true ;)
edf13
·3 か月前·議論
We are Open Source… code will be published soon (before launch)
edf13
·3 か月前·議論
[flagged]
edf13
·3 か月前·議論
Yes, fair point.

Feedback accepted, thanks!
edf13
·3 か月前·議論
[dead]
edf13
·3 か月前·議論
Related: https://news.ycombinator.com/item?id=47803847
edf13
·3 か月前·議論
Seems to be a very regular occurrence starting around this time of day (14:30 UTC)...

Claude Code returning: API Error: 500 {"type":"error","error":{"type":"api_error","message":"Internal server error"},"request_id":"---"}

Over and over again!
edf13
·3 か月前·議論
[dead]
edf13
·3 か月前·議論
Building grith (grith.ai) - a security proxy for AI coding agents enforced at the OS syscall level.

The problem: agents like Claude Code, Codex, and Aider execute file reads, shell commands, and network requests with your full system privileges.

For example, when a malicious README tells the agent to read ~/.ssh/id_rsa and POST it somewhere, nothing in the agent's own trust model catches it. Auto Mode makes this worse - it asks the model to audit its own actions, so a prompt injection that corrupts the reasoning also corrupts the permission layer.

grith wraps any CLI agent with `grith exec -- <agent>`. Every syscall passes through a multi-filter scoring engine before it executes. Deterministic, ~15ms overhead, no LLM reasoning in the permission path. Linux now, macOS/Windows coming. AGPL, open-core.

Two weeks ago a DPRK-linked attacker backdoored axios on npm (400M monthly downloads). The RAT executed 1.1 seconds into npm install. AI agents run npm install autonomously, without human review. If yours ran it during the 3-hour window, you're compromised and nobody told you.

That's the threat model grith is built for.
edf13
·3 か月前·議論
> And really, for what?

Readership, clicks and views
edf13
·3 か月前·議論
[dead]