HackerTrans
TopNewTrendsCommentsPastAskShowJobs

radku

no profile record

Submissions

Show HN: AVP – an agent can't leak a secret it never had

github.com
3 points·by radku·30 gün önce·1 comments

comments

radku
·18 gün önce·discuss
I have pretty much almost this exact setup with 2x3090s and with slightly faster DDR4 512GB and 64 core Epyc! [0] I've been enjoying it a lot. Can't wait to give this model a try.

Apart of running local models I use this rig as my main remote development platform. All Claude Code sessions are running there in tmux now. And my fingers can't be happier not having to deal with constantly hot laptop. Not to mention that Claude Code is such a battery hog.

[0] https://medium.com/@rathko/i-built-an-epyc-64-core-512gb-ram...
radku
·22 gün önce·discuss
Congrats on the launch!

Will this solution work with services protected by cloudflare turnstile or captchas? Does this involve human in a loop?
radku
·23 gün önce·discuss
No privacy policy whatsoever?
radku
·27 gün önce·discuss
I'm working on OSS security tool that can protect you form credential stealers (think Shai-hulud and similar) or prompt-injected agent leaking your secrets.

agent-vault-proxy is a local proxy that injects real secrets into requests in-flight, so a compromised or prompt-injected agent has nothing to steal, feedback welcome: https://github.com/inflightsec/agent-vault-proxy
radku
·30 gün önce·discuss
Nice work shipping this.

Disclosure: author of a related tool here. I have create agent-vault-proxy for a very similar reason. It also can help keep credentials out of the agent process. The agent gets a placeholder, the proxy swaps in the real secret in transit.

I read them as complementary: action firewall in front, credential broker behind. https://github.com/inflightsec/agent-vault-proxy
radku
·2 ay önce·discuss
AI is actually pretty good at finding vulnerabilities in the codebase.

Critical vulnerability in that source code could enable further access to other production systems or databases.

Edit: typo
radku
·2 ay önce·discuss
Hope ask.com knowledge can be preserved in open source LLMs for future generations.
radku
·3 ay önce·discuss
This could significantly impact security of large parts of web ecosystem.

Perhaps Node.js can switch to a VDP, no-bounty program. From Hacker One: "VDP is designed solely for receiving, validating, and addressing security reports without a paid bounty element"
radku
·3 ay önce·discuss
Agreed. Personally I think about it as massaging a text with LLM is like applying filters to your pictures.

The text probably have been based entirely on the internal notes and investigations and is very informative. Would it be better if the OP wrote it entirely by themselves? Not necessarily.
radku
·4 ay önce·discuss
Hammerspoon helped me have a F12 shortcut for Ghostty (the only feature I missed from guake on mac)! I love it