HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sarelta

no profile record

Submissions

Build and deploy hosted sites from Codex with the Sites plugin

developers.openai.com
2 points·by sarelta·เดือนที่แล้ว·1 comments

GitHub Copilot CLI downloads and executes malware

promptarmor.com
62 points·by sarelta·4 เดือนที่ผ่านมา·22 comments

Data exfil from agents in messaging apps

promptarmor.com
34 points·by sarelta·5 เดือนที่ผ่านมา·6 comments

comments

sarelta
·6 เดือนที่ผ่านมา·discuss
this is sick, Claude Code X Figma is exactly what I need -- wondering how this will compare performance-wise to just using Figma MCP
sarelta
·6 เดือนที่ผ่านมา·discuss
The attacker isn't the dev -- the attacker is a third party that poisoned the online data that is ingested by the AI tool.

- Dev builds secure AI app - App defends against indirect prompt injection in data from the internet - Dev reviews the flagged log - Log affected by the injection is rendered, and the attacker who wrote the injection in the web data exfiltrates the data from the AI app user
sarelta
·6 เดือนที่ผ่านมา·discuss
thats nifty, so can attackers upload the user's codebase to the internet as a package?
sarelta
·6 เดือนที่ผ่านมา·discuss
I'm impressed Superhuman seems to have handled this so well - lots of big names are fumbling with AI vuln disclosures. Grammarly is not necessarily who I would have bet on to get it right