undefined | Better HN

story

0 pointsdanudey5mo ago0 comments

I'm not sure what your argument is here. We shouldn't be making a fuss about all these prompt injection attacks because they're just inevitable so don't worry about it? Or we should stop being surprised that this happens because it happens all the time?

Either way I would be extremely concerned about these use cases in any circumstance where the program is vulnerable and rapid, automatic or semi-automatic updates aren't available. My Ubuntu installation prompts me every day to install new updates, but if I want to update e.g. Kiro or Cursor or something it's a manual process - I have to see the pop-up, decide I want to update, go to the download page, etc.

These tools are creating huge security concerns for anyone who uses them, pushing people to use them, and not providing a low-friction way for users to ensure they're running the latest versions. In an industry where the next prompt injection exploit is just a day or two away, rapid iteration would be key if rapid deployment were possible.

0 comments

zahlman5mo ago

> I'm not sure what your argument is here. We shouldn't be making a fuss about all these prompt injection attacks because they're just inevitable so don't worry about it? Or we should stop being surprised that this happens because it happens all the time?

The argument is: we need to be careful about how LLMs are integrated with tools and about what capabilities are extended to "agents". Much more careful than what we currently see.

j / k navigate · click thread line to collapse

0 comments

zahlman5mo ago

The argument is: we need to be careful about how LLMs are integrated with tools and about what capabilities are extended to "agents". Much more careful than what we currently see.

j / k navigate · click thread line to collapse