HackerTrans
トップ新着トレンドコメント過去質問紹介求人

tcbrah

no profile record

投稿

Effective Use-Cases for LLMs

aggressivelyparaphrasing.me
2 ポイント·投稿者 tcbrah·21 日前·0 コメント

Axios NPM supply chain incident

blog.talosintelligence.com
1 ポイント·投稿者 tcbrah·3 か月前·0 コメント

Agent Governance Toolkit: Open-source runtime security for AI agents

opensource.microsoft.com
2 ポイント·投稿者 tcbrah·3 か月前·0 コメント

Claude.ai Prompt Injection Vulnerability

oasis.security
2 ポイント·投稿者 tcbrah·3 か月前·0 コメント

Agents for Security: The Tipping Point for Offensive AI

menlovc.com
1 ポイント·投稿者 tcbrah·4 か月前·0 コメント

AI-Driven Offensive Security: The Current Landscape and What It Means

praetorian.com
1 ポイント·投稿者 tcbrah·4 か月前·0 コメント

ContextCrush: The Context7 MCP Server Vulnerability Hiding in Plain Sight

noma.security
2 ポイント·投稿者 tcbrah·4 か月前·0 コメント

Security advisory for Cargo (CVE-2026-33056)

blog.rust-lang.org
4 ポイント·投稿者 tcbrah·4 か月前·1 コメント

Rust Project Perspectives on AI

nikomatsakis.github.io
4 ポイント·投稿者 tcbrah·4 か月前·0 コメント

When Models Examine Themselves: Vocabulary-Activation Correspondence

arxiv.org
1 ポイント·投稿者 tcbrah·4 か月前·0 コメント

SQLite WAL-Reset Database Corruption Bug

sqlite.org
3 ポイント·投稿者 tcbrah·4 か月前·0 コメント

Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild

unit42.paloaltonetworks.com
3 ポイント·投稿者 tcbrah·4 か月前·0 コメント

GitHub Security Lab's open source AI-powered vulnerability scanner

github.blog
1 ポイント·投稿者 tcbrah·4 か月前·0 コメント

コメント

tcbrah
·18 日前·議論
tbf, node based editors have been "the year of" every year since blender. they all look like a murder board to me! comfyui especially has a terrible ui/ux IMO
tcbrah
·3 か月前·議論
giving meta a run for its money, esp when it was supposed to be the poster child for OSS models. deepseek is really overshadowing them rn
tcbrah
·4 か月前·議論
we've been complaining about curl | bash for like 15 years and yet here we are installing every new ai tool the exact same way lol. convenience always wins over security until it doesnt
tcbrah
·4 か月前·議論
love that "we removed the telemetry" is now a headline feature worth forking an entire project over. says a lot about where dev tooling is headed tbh
tcbrah
·4 か月前·議論
tbh the fact that they put copilot in the snipping tool tells you everything about how those decisions were being made lol
tcbrah
·4 か月前·議論
tbh the real issue isnt even prompt injection its that people give these agents full wallet access and then act suprised when they get drained lol
tcbrah
·4 か月前·議論
lol the 2025 "ai is just my pairing buddy" to 2026 "ai writes all my code" pipeline is speedrunning at this point
tcbrah
·4 か月前·議論
fair point, but there's a difference between maintaining a CLI you own vs depending on a third party to maintain a wrapper around an API you could call directly. not to mention the mcp protocol is fairly nascent whereas CLIs are much more battle-tested
tcbrah
·4 か月前·議論
the "77% cost reduction" number is doing a lot of heavy lifting here when the real play is getting your whole agent stack on cloudflare so switching costs go thru the roof lol
tcbrah
·4 か月前·議論
the fact that github still renders Private Use Area codepoints as whitespace instead of flagging them is wild tbh. like we've known about this vector since 2024 and npm/github just shrugged
tcbrah
·4 か月前·議論
tbh you can already tell whos using chatgpt to write their emails at work, everyone sounds like the same middle manager now. the homogenization isnt coming its already here
tcbrah
·4 か月前·議論
the maintenance burden is the real MCP killer nobody talks about. your agent needs github? now you depend on some npm package wrapping an API that already had good docs. i just shell out to gh cli and curl - when the API changes, the agent reads updated docs and adapts. with MCP you wait on a middleman to update a wrapper.

tptacek nailed it - once agents run bash, MCP is overhead. the security argument is weird too, it shipped without auth and now claims security as chief benefit. chroot jails and scoped tokens solved this decades ago.

only place MCP wins is oauth flows for non-technical users who will never open a terminal. for dev tooling? just write better CLIs.
tcbrah
·4 か月前·議論
ill take that as a compliment, my writing finally passed the turing test
tcbrah
·4 か月前·議論
the wildest part is algolia just not responding. you email them saying "hey 39 of your customers have admin keys in their frontend" and they ghost you? thats way worse than the keys themselves imo. like the whole point of docsearch is they manage the crawling FOR you, but then the "run your own crawler" docs basically hand you a footgun with zero guardrails. they could just... not issue admin-scoped keys through that flow
tcbrah
·4 か月前·議論
genuine question - what are you working on that needs that level of privacy? outside of NSFW stuff most API providers arent doing anything with your prompts
tcbrah
·4 か月前·議論
tbh i stopped caring about "can i run X locally" a while ago. for anything where quality matters (scripting, code, complex reasoning) the local models are just not there yet compared to API. where local shines is specific narrow tasks - TTS, embeddings, whisper for STT, stuff like that. trying to run a 70b model at 3 tok/s on your gaming GPU when you could just hit an API for like $0.002/req feels like a weird flex IMO
tcbrah
·4 か月前·議論
the confirm screen showing the actual command is lowkey the best part. i use ffmpeg daily for video assembly (concat demuxer + xfade + zoompan for ken burns) and honestly the only reason i got decent at it was reading the commands that other wrappers were generating under the hood. most ffmpeg GUIs hide that from you which defeats the purpose IMO - you end up dependent on the tool forever instead of actually learning the flags
tcbrah
·4 か月前·議論
the data leak is bad but the write access to system prompts is what keeps me up at night. they could silently rewrite how Lilli responds to 43k consultants with a single UPDATE statement - no deploy, no code review, no logs. imagine poisoning the strategic advice that gets copy pasted into client deliverables. tbh most companies i see doing AI stuff store prompts the exact same way, just rows in postgres right next to everything else
tcbrah
·4 か月前·議論
because the incentive structure is broken. if my performance review rewards me for using AI more, im going to use AI more even when i shouldn't. engineers will rubber stamp AI suggestions to hit their metrics instead of actually reviewing the code. you cant optimize for quantity of AI usage and quality of output at the same time IMO
tcbrah
·4 か月前·議論
nice, fal is solid. whats the pricing like compared to calling the model APIs directly?

lots of people are asking for my script so i'm open sourcing it fairly soon (openslop.ai if you want to get notified). currently integrating with runware, elevenlabs, cartesia, kling, runwayML but will look into integrating with fal too. would you be open to connecting to helping with integration with fal?