HackerTrans
TopNewTrendsCommentsPastAskShowJobs

edf13

no profile record

Submissions

Mythos Proves AI Safety Can No Longer Live Inside the Model

grith.ai
2 points·by edf13·26 วันที่ผ่านมา·0 comments

Mythos Proves AI Safety Can No Longer Live Inside the Model

grith.ai
3 points·by edf13·28 วันที่ผ่านมา·0 comments

The Risk Isn't Rogue AI. It's Plausible AI

grith.ai
2 points·by edf13·30 วันที่ผ่านมา·0 comments

AI Makes Adding Features Faster – So Why Not Add Just One More?

grith.ai
3 points·by edf13·2 เดือนที่ผ่านมา·2 comments

AI Makes Adding Features Faster – So Why Not Add Just One More?

grith.ai
2 points·by edf13·2 เดือนที่ผ่านมา·0 comments

Vibe Coding Still Needs a Senior Engineer (For Now)

grith.ai
5 points·by edf13·2 เดือนที่ผ่านมา·1 comments

Five AI Agent Failures in 36 Days. Zero Times the Agent Caught It

grith.ai
3 points·by edf13·2 เดือนที่ผ่านมา·1 comments

The Vercel Breach Needed Malware. The Next One Needs a Bad Readme

grith.ai
1 points·by edf13·3 เดือนที่ผ่านมา·3 comments

Every Claude 4.7 Improvement Makes the Security Problem Worse

grith.ai
5 points·by edf13·3 เดือนที่ผ่านมา·1 comments

They Hacked Claude, Gemini, and Copilot (and No One Told You)

grith.ai
4 points·by edf13·3 เดือนที่ผ่านมา·0 comments

They Hacked Claude, Gemini, and Copilot (and No One Told You)

grith.ai
3 points·by edf13·3 เดือนที่ผ่านมา·0 comments

Prompt Injection Is Unfixable (So We Stopped Trying)

grith.ai
4 points·by edf13·3 เดือนที่ผ่านมา·1 comments

If Your AI Agent Ran NPM Install During the Axios Attack, You're Compromised

grith.ai
5 points·by edf13·3 เดือนที่ผ่านมา·0 comments

Zero Ambient Authority: The Principle That Should Govern Every AI Agent

grith.ai
3 points·by edf13·3 เดือนที่ผ่านมา·0 comments

Alibaba's AI Agent Hijacked GPUs and Dug Reverse SSH Tunnels

grith.ai
3 points·by edf13·4 เดือนที่ผ่านมา·0 comments

Claude now decides what's safe to run – a UX improvement, not a security fix

twitter.com
3 points·by edf13·4 เดือนที่ผ่านมา·0 comments

AI agents are now deciding what's safe to run (Claude Auto Mode)

grith.ai
3 points·by edf13·4 เดือนที่ผ่านมา·0 comments

The Trivy Supply Chain Attack Reached LiteLLM

grith.ai
3 points·by edf13·4 เดือนที่ผ่านมา·1 comments

Meta's Rogue AI Agent Gave Engineers Access They Shouldn't Have Had

grith.ai
1 points·by edf13·4 เดือนที่ผ่านมา·0 comments

Meta's Rogue AI Agent Gave Engineers Access They Shouldn't Have Had

grith.ai
3 points·by edf13·4 เดือนที่ผ่านมา·0 comments

comments

edf13
·เดือนที่แล้ว·discuss
Odd… UK visitor and I get:

Website Not Allowed “⁦‪prismml.com‬⁩” is a restricted website.
edf13
·2 เดือนที่ผ่านมา·discuss
Exactly - the flow of AI assistance makes it so much easier to get caught in the one more feature trap!
edf13
·2 เดือนที่ผ่านมา·discuss
[dead]
edf13
·2 เดือนที่ผ่านมา·discuss
Most of the AI-security discourse (and most of my posts) right now is about prompt injection and agent hijacking. But there are still the move-fast-break-things issues that are exacerbated with agentic coding/vibe coding...

I reviewed a colleague's vibe-coded internal tool last week, found 28 security issues, and none of them were that kind of bug - they were the same classic stuff juniors have always shipped, just produced at much higher throughput.

Wrote it up because the "senior engineer review" step quietly disappeared from a lot of AI-assisted workflows, and the bugs that step used to catch are still there (We are still needed!).
edf13
·2 เดือนที่ผ่านมา·discuss
Ha ha... yes... that brings back memories!
edf13
·2 เดือนที่ผ่านมา·discuss
My first was this monster:

https://en.wikipedia.org/wiki/Microsoft_Visual_SourceSafe
edf13
·3 เดือนที่ผ่านมา·discuss
Manually review the package and override the setting
edf13
·3 เดือนที่ผ่านมา·discuss
Anyone know of a similar tool to conductor for Linux?
edf13
·3 เดือนที่ผ่านมา·discuss
Hand written I’m afraid… regular comments on this topic is true - it’s an area I’m very interested in.
edf13
·3 เดือนที่ผ่านมา·discuss
Yes, true ;)
edf13
·3 เดือนที่ผ่านมา·discuss
We are Open Source… code will be published soon (before launch)
edf13
·3 เดือนที่ผ่านมา·discuss
[flagged]
edf13
·3 เดือนที่ผ่านมา·discuss
Yes, fair point.

Feedback accepted, thanks!
edf13
·3 เดือนที่ผ่านมา·discuss
[dead]
edf13
·3 เดือนที่ผ่านมา·discuss
Related: https://news.ycombinator.com/item?id=47803847
edf13
·3 เดือนที่ผ่านมา·discuss
Seems to be a very regular occurrence starting around this time of day (14:30 UTC)...

Claude Code returning: API Error: 500 {"type":"error","error":{"type":"api_error","message":"Internal server error"},"request_id":"---"}

Over and over again!
edf13
·3 เดือนที่ผ่านมา·discuss
[dead]
edf13
·3 เดือนที่ผ่านมา·discuss
Building grith (grith.ai) - a security proxy for AI coding agents enforced at the OS syscall level.

The problem: agents like Claude Code, Codex, and Aider execute file reads, shell commands, and network requests with your full system privileges.

For example, when a malicious README tells the agent to read ~/.ssh/id_rsa and POST it somewhere, nothing in the agent's own trust model catches it. Auto Mode makes this worse - it asks the model to audit its own actions, so a prompt injection that corrupts the reasoning also corrupts the permission layer.

grith wraps any CLI agent with `grith exec -- <agent>`. Every syscall passes through a multi-filter scoring engine before it executes. Deterministic, ~15ms overhead, no LLM reasoning in the permission path. Linux now, macOS/Windows coming. AGPL, open-core.

Two weeks ago a DPRK-linked attacker backdoored axios on npm (400M monthly downloads). The RAT executed 1.1 seconds into npm install. AI agents run npm install autonomously, without human review. If yours ran it during the 3-hour window, you're compromised and nobody told you.

That's the threat model grith is built for.
edf13
·3 เดือนที่ผ่านมา·discuss
> And really, for what?

Readership, clicks and views
edf13
·3 เดือนที่ผ่านมา·discuss
[dead]