HackerTrans
トップ新着トレンドコメント過去質問紹介求人

ildari

227 カルマ登録 8 年前

投稿

[untitled]

1 ポイント·投稿者 ildari·3 日前·0 コメント

The catalogue of prompt injection attacks

archestra.ai
8 ポイント·投稿者 ildari·先月·3 コメント

[untitled]

1 ポイント·投稿者 ildari·先月·0 コメント

We've raised $10M to build open source AI security

archestra.ai
9 ポイント·投稿者 ildari·先月·1 コメント

We stopped AI bot spam in our GitHub repo using Git's –author flag

archestra.ai
501 ポイント·投稿者 ildari·2 か月前·237 コメント

Archestra's Dual LLM Pattern: Using "Guess Who?" Logic to Stop Prompt Injections

archestra.ai
6 ポイント·投稿者 ildari·9 か月前·11 コメント

コメント

ildari
·30 日前·議論
Backwards incompatible migrations are such a pain, wondering why it is not embedded into ORMs
ildari
·先月·議論
smarter != safer.

Smarter model can figure out more sophisticated attack when following an injection . I believe in non-determinitic defence: each action or input to agent can escalate context sensivity. More sensitive context -> less risk your agent can take.

I find Bell-LaPadula model from 1970 (https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model) pretty interesting for that approach
ildari
·先月·議論
I recently gave a talk on prompt injections attacks and defences and gathered them all in this article
ildari
·先月·議論
Author here. I recently gave a talk on prompt injection and decided to gather the most known ways in this article. Test string is “I am a sandwich” so it’s obvious when it works.
ildari
·先月·議論
Hey, Ildar here, CTO at Archestra

Archestra is an open-source AI gateway and MCP orchestrator. It runs MCP servers in sandboxed environments, applies deterministic context-aware policy at the tool-call level, and handles the auth, audit, cost tracking, and observability, so an in-house AI team can let business users connect to real internal data. Now we are raising next round to expand.

We’re strong believers that there should be an independent, battle-tested, cloud-native, open-source platform that's free from big players and takes care of all that boring stuff. Something like GitLab, Grafana, or Clickhouse.

Repo is here: https://github.com/archestra-ai/archestra Matvey (CEO), Joey (Co-founder), and I are all in the thread. Ask us anything, including the unflattering stuff.
ildari
·2 か月前·議論
click ok fine 10 times + captcha seems to be working fine
ildari
·2 か月前·議論
GH sends the email notification to all subscribers at the moment of posting a comment. There is no cooldown or a way to unsend the notification using hooks
ildari
·2 か月前·議論
As those commits were made from our system they don't create any noise for us, as PR/issues/email notification do. We only include real people who could solve the captcha and their input is mostly valuable
ildari
·2 か月前·議論
we can block the user in github ui
ildari
·2 か月前·議論
fair point! We believe "Require approval for all external contributors" should be a default setting, as you cannot trust anyone who is not a member of the organization
ildari
·2 か月前·議論
thank you, yep through the rest API, here is the example: https://github.com/archestra-ai/website/blob/29ebdacbd8a22b9...
ildari
·2 か月前·議論
Hi HN community, I wanted to share our approach to reduce amount of AI slop PR's and issues in our repo. We enabled "require prior contribution" flag on GH and created a CI script that creates a tiny commit co-authored with you, if you pass captcha on our website. Worked really well and we were able to block at least 500 bots in the first week. Sharing a screenshot from cloudflare: https://archestra.ai/hn-comment-cloudflare-challenge-outcome...
ildari
·3 か月前·議論
Bots are killing opensource, but they pump product metrics so nobody cares. I maintain an open source repo and we've made a decision to limit all bot activity, even if it makes us less sexy in front of VCs.

We figured out a workaround to limit activity to prior contributors only, and add a CI job that pushes a coauthored commit after passing captcha on our website. It cut the AI slop by 90%. Full write-up https://archestra.ai/blog/only-responsible-ai
ildari
·3 か月前·議論
Yeah, this is a real issue. A few weeks ago during the LiteLLM vulnerability the attacker left hundreds of bot comments under the issue to bury the conversation: https://github.com/BerriAI/litellm/issues/24512
ildari
·9 か月前·議論
This is a topic I haven't addressed in the article. There are two answer types: "guessable" (discussed here) and unguessable (such as unique IDs, emails, etc.). For the second case, the main LLM can request a quarantined LLM to store the result at the controller level and only return a reference to this data. This data is then exposed only at the end of the AI agent's execution to prevent influencing its actions.
ildari
·9 か月前·議論
The idea is that quarantined LLM has access to untrusted data, but doesn't have access to any tools or sensitive data.

The main LLM does have access to the tools or sensitive data, but doesn't have direct access to untrusted data (quarantine LLM is restricted at the controller level to respond only with integer digits, and only to legitimate questions from the main llm)
ildari
·9 か月前·議論
It is quite simple to start it with n8n https://www.archestra.ai/docs/platform-n8n-example and experiment with Dual LLM protection
ildari
·9 か月前·議論
external data is unavoidable for the properly functioning agent, so we have to learn to cook it
ildari
·9 か月前·議論
Most mcp endpoints don’t run any models, the main model decides which tools the ai agent should execute, and if the agent passes results back into context, that opens the door to prompt injections.

It’s really a cat-and-mouse game, where for each new model version, new jailbreaks and injections are found
ildari
·9 か月前·議論
Hi HN, I'm Ildar from Archestra, we build an open-source LLM gateway. We've been exploring ways to protect AI agents from prompt injections during tool calls and added the approach, inspired by the game "Guess Who", where the agent can learn what it needs without ever seeing the actual result. See the details in the blog post we wrote