by pbronez 52 days ago
I’m kinda terrified by the security implications of the Prompt API.

This is a way for web services to make your computer complete large amounts of compute at their behest. Tokens have value. There will be incentive for bad actors to use your local LLM for their own purposes, much like hostile crypto mining payloads.

This is an obvious target for prompt injection attacks and other malicious remote code execution. In many ways, model prompts ARE programs. The browser / local device would need to provide an LLM with the same sandbox guarantees as the rest of the browser. Can they be trusted to do that? Does anyone understand this well enough to do that with confidence?

I’m a big fan of local models, but I would be very cautious about letting random websites call the model I’m hosting on my local machine with open source software.

2 comments

Yeah, I wonder: who says I can't build a "cryptominer-like" script that injects into many websites and just uses this local LLM API, performs a request from a queue and sends the response to a server, practically creating my very own LLM botnet?
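Added illustration, not code from this thread, from Chrome, or from any browser vendor: the "drain a queue through someone else's local model" scenario above, run against a per-origin compute budget of the kind a user agent would need in front of such an API. The model, the origin names, the token estimate, and the budget numbers are all constructed stand-ins; nothing here is the real Prompt API.

```javascript
// Crude token estimate: whitespace-separated words. Real tokenizers differ;
// this is a stand-in assumption so the example runs offline.
function estimateTokens(text) {
  const t = text.trim();
  return t === "" ? 0 : t.split(/\s+/).length;
}

// Sliding-window budget keyed by calling origin: total tokens (prompt plus
// reserved completion) per origin within windowMs. A request that would
// exceed the cap is refused before the model runs, so the compute is never
// spent on the page's behalf.
class OriginBudget {
  constructor({ maxTokens, windowMs, now = () => Date.now() }) {
    this.maxTokens = maxTokens;
    this.windowMs = windowMs;
    this.now = now;
    this.usage = new Map(); // origin -> [{ t, tokens }]
  }
  spent(origin) {
    const cutoff = this.now() - this.windowMs;
    const live = (this.usage.get(origin) || []).filter((e) => e.t >= cutoff);
    this.usage.set(origin, live);
    return live.reduce((sum, e) => sum + e.tokens, 0);
  }
  charge(origin, tokens) {
    if (this.spent(origin) + tokens > this.maxTokens) return false;
    this.usage.get(origin).push({ t: this.now(), tokens });
    return true;
  }
}

// Wrap a model call so every request is attributed to an origin and charged
// against that origin's budget. `model` is a hypothetical synchronous
// function (prompt, maxOutputTokens) -> completion; a real browser API would
// be asynchronous, which does not change the accounting.
function makeGuardedPrompt(model, budget, { maxOutputTokens = 256 } = {}) {
  return function guardedPrompt(origin, prompt) {
    const reserve = estimateTokens(prompt) + maxOutputTokens;
    if (!budget.charge(origin, reserve)) {
      throw new Error(`prompt budget exceeded for ${origin}`);
    }
    return model(prompt, maxOutputTokens);
  };
}

// Constructed stand-in for a local model: returns a bounded reply and counts
// how many times it actually ran, i.e. how much compute the page obtained.
function makeMockModel() {
  let calls = 0;
  const model = (prompt, maxOutputTokens) => {
    calls += 1;
    return `reply to: ${prompt}`.slice(0, maxOutputTokens);
  };
  model.calls = () => calls;
  return model;
}

// Drain a work queue the way the hostile script in the comment would, and
// count how many requests the guard let through versus refused.
function drainQueue(guardedPrompt, origin, prompts) {
  const result = { completed: 0, refused: 0 };
  for (const p of prompts) {
    try {
      guardedPrompt(origin, p);
      result.completed += 1;
    } catch (e) {
      result.refused += 1;
    }
  }
  return result;
}

function demo() {
  let clock = 0; // injected clock so the window can be advanced deterministically
  const budget = new OriginBudget({ maxTokens: 2000, windowMs: 60_000, now: () => clock });
  const model = makeMockModel();
  const guarded = makeGuardedPrompt(model, budget, { maxOutputTokens: 256 });
  // Constructed queue: 20 four-word requests, each reserving 4 + 256 tokens.
  const queue = Array.from({ length: 20 }, (_, i) => `summarize document number ${i}`);
  const hostile = drainQueue(guarded, "https://hostile.example", queue);
  clock += 60_001; // window elapses, budget refills
  const later = drainQueue(guarded, "https://hostile.example", queue.slice(0, 2));
  return { hostile, later, modelCalls: model.calls() };
}
```

With a 2000-token window the first seven requests (7 x 260 = 1820) go through and the remaining thirteen are refused without touching the model; once the window rolls over, two more succeed. The point is the accounting boundary, not the numbers: whatever quota a browser chooses, it has to be charged to the origin before the model runs, or the page gets the compute for free.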
> Does anyone understand this well enough to do that with confidence?

Pretty sure Chrome wouldn't ship if they weren't confident. And Firefox would object on security grounds if they saw such an issue.