HackerTrans
TopNewTrendsCommentsPastAskShowJobs

edf13

no profile record

Submissions

Mythos Proves AI Safety Can No Longer Live Inside the Model

grith.ai
2 points·by edf13·26 дней назад·0 comments

Mythos Proves AI Safety Can No Longer Live Inside the Model

grith.ai
3 points·by edf13·28 дней назад·0 comments

The Risk Isn't Rogue AI. It's Plausible AI

grith.ai
2 points·by edf13·30 дней назад·0 comments

AI Makes Adding Features Faster – So Why Not Add Just One More?

grith.ai
3 points·by edf13·2 месяца назад·2 comments

AI Makes Adding Features Faster – So Why Not Add Just One More?

grith.ai
2 points·by edf13·2 месяца назад·0 comments

Vibe Coding Still Needs a Senior Engineer (For Now)

grith.ai
5 points·by edf13·2 месяца назад·1 comments

Five AI Agent Failures in 36 Days. Zero Times the Agent Caught It

grith.ai
3 points·by edf13·2 месяца назад·1 comments

The Vercel Breach Needed Malware. The Next One Needs a Bad Readme

grith.ai
1 points·by edf13·3 месяца назад·3 comments

Every Claude 4.7 Improvement Makes the Security Problem Worse

grith.ai
5 points·by edf13·3 месяца назад·1 comments

They Hacked Claude, Gemini, and Copilot (and No One Told You)

grith.ai
4 points·by edf13·3 месяца назад·0 comments

They Hacked Claude, Gemini, and Copilot (and No One Told You)

grith.ai
3 points·by edf13·3 месяца назад·0 comments

Prompt Injection Is Unfixable (So We Stopped Trying)

grith.ai
4 points·by edf13·3 месяца назад·1 comments

If Your AI Agent Ran NPM Install During the Axios Attack, You're Compromised

grith.ai
5 points·by edf13·3 месяца назад·0 comments

Zero Ambient Authority: The Principle That Should Govern Every AI Agent

grith.ai
3 points·by edf13·3 месяца назад·0 comments

Alibaba's AI Agent Hijacked GPUs and Dug Reverse SSH Tunnels

grith.ai
3 points·by edf13·4 месяца назад·0 comments

Claude now decides what's safe to run – a UX improvement, not a security fix

twitter.com
3 points·by edf13·4 месяца назад·0 comments

AI agents are now deciding what's safe to run (Claude Auto Mode)

grith.ai
3 points·by edf13·4 месяца назад·0 comments

The Trivy Supply Chain Attack Reached LiteLLM

grith.ai
3 points·by edf13·4 месяца назад·1 comments

Meta's Rogue AI Agent Gave Engineers Access They Shouldn't Have Had

grith.ai
1 points·by edf13·4 месяца назад·0 comments

Meta's Rogue AI Agent Gave Engineers Access They Shouldn't Have Had

grith.ai
3 points·by edf13·4 месяца назад·0 comments

comments

edf13
·в прошлом месяце·discuss
Odd… UK visitor and I get:

Website Not Allowed “⁦‪prismml.com‬⁩” is a restricted website.
edf13
·2 месяца назад·discuss
Exactly - the flow of AI assistance makes it so much easier to get caught in the one more feature trap!
edf13
·2 месяца назад·discuss
[dead]
edf13
·2 месяца назад·discuss
Most of the AI-security discourse (and most of my posts) right now is about prompt injection and agent hijacking. But there are still the move-fast-break-things issues that are exacerbated with agentic coding/vibe coding...

I reviewed a colleague's vibe-coded internal tool last week, found 28 security issues, and none of them were that kind of bug - they were the same classic stuff juniors have always shipped, just produced at much higher throughput.

Wrote it up because the "senior engineer review" step quietly disappeared from a lot of AI-assisted workflows, and the bugs that step used to catch are still there (We are still needed!).
edf13
·2 месяца назад·discuss
Ha ha... yes... that brings back memories!
edf13
·2 месяца назад·discuss
My first was this monster:

https://en.wikipedia.org/wiki/Microsoft_Visual_SourceSafe
edf13
·3 месяца назад·discuss
Manually review the package and override the setting
edf13
·3 месяца назад·discuss
Anyone know of a similar tool to conductor for Linux?
edf13
·3 месяца назад·discuss
Hand written I’m afraid… regular comments on this topic is true - it’s an area I’m very interested in.
edf13
·3 месяца назад·discuss
Yes, true ;)
edf13
·3 месяца назад·discuss
We are Open Source… code will be published soon (before launch)
edf13
·3 месяца назад·discuss
[flagged]
edf13
·3 месяца назад·discuss
Yes, fair point.

Feedback accepted, thanks!
edf13
·3 месяца назад·discuss
[dead]
edf13
·3 месяца назад·discuss
Related: https://news.ycombinator.com/item?id=47803847
edf13
·3 месяца назад·discuss
Seems to be a very regular occurrence starting around this time of day (14:30 UTC)...

Claude Code returning: API Error: 500 {"type":"error","error":{"type":"api_error","message":"Internal server error"},"request_id":"---"}

Over and over again!
edf13
·3 месяца назад·discuss
[dead]
edf13
·3 месяца назад·discuss
Building grith (grith.ai) - a security proxy for AI coding agents enforced at the OS syscall level.

The problem: agents like Claude Code, Codex, and Aider execute file reads, shell commands, and network requests with your full system privileges.

For example, when a malicious README tells the agent to read ~/.ssh/id_rsa and POST it somewhere, nothing in the agent's own trust model catches it. Auto Mode makes this worse - it asks the model to audit its own actions, so a prompt injection that corrupts the reasoning also corrupts the permission layer.

grith wraps any CLI agent with `grith exec -- <agent>`. Every syscall passes through a multi-filter scoring engine before it executes. Deterministic, ~15ms overhead, no LLM reasoning in the permission path. Linux now, macOS/Windows coming. AGPL, open-core.

Two weeks ago a DPRK-linked attacker backdoored axios on npm (400M monthly downloads). The RAT executed 1.1 seconds into npm install. AI agents run npm install autonomously, without human review. If yours ran it during the 3-hour window, you're compromised and nobody told you.

That's the threat model grith is built for.
edf13
·3 месяца назад·discuss
> And really, for what?

Readership, clicks and views
edf13
·3 месяца назад·discuss
[dead]