Hacker News new | ask | show | jobs
by planb 56 days ago
How many of these threat vectors are just theoretical? Don’t use skills from random sources (just like don’t execute files from unknown sources). Don’t paste from untrusted sites (don’t click links on untrusted sites). Maybe there are fake documentation sites that the agent will search and have a prompt injected - but I haven’t heard of a single case where that happened. For now, the benefits outweigh the risk so much that I am willing to take it - and I think I have an almost complete knowledge of all the attack vectors.
3 comments
IanCal 56 days ago
Systems have been caught out that review pull requests, that’s a simple and clear one. The more obvious to me for most people is anything you do that interacts with your email without an explicit approve list of emails to read.
link
planb 55 days ago
Yes, but none of this applies to the local codex agent that runs when I tell it to and has access to my computer. Like: „scan this folder of PDFs and create an excel file with all expenses. Then enter them into my tax software.“ This needs access to very sensitive data and involves a quite complex handling of data. But the only attack vector I see is someone injecting prompts into my invoice files.
link
IanCal 50 days ago
Which applies if you were to do this to invoices submitted to you, rather than ones you created, or if you have any way of user info getting into your invoices.
link
teiferer 55 days ago
The problem is that any data now becomes effectively an executable.

> I think I have an almost complete knowledge of all the attack vectors.

That's exactly the kind of hybris where the maximum danger lies.

link
postalcoder 56 days ago
i think you lack creativity. you could create a site that targets a very narrow niche, say an upper income school district. build some credibility, get highly ranked on google due to niche. post lunch menus with hidden embedded text.

the attack surface is so wide idk where to start.

link
planb 56 days ago
Why would my agent retrieve that lunch menu?
link
thuuuomas 55 days ago
Because it’s hooked up to a microphone in your kitchen & your kid is arguing with you about what lunch they want & they say “Hey [agent], what day is pizza day at [school]?”
link
planb 52 days ago
I’m not doing that. That would be like giving my child shell access to my system.
link
boxedemp 55 days ago
Funny joke,

But for real, obviously we all know people use agents to pick restaurants and that's a legit vector.

I agree it's not the biggest surface, but it's worth knowing imdo

link