subw00f

I'm talking inference layer compromise, someone being able to inject commands that would eventually be executed by agents/tools on the other side.

There is a massive amount of unskilled users letting LLMs decide which commands to run on their computers. I know for things like Cowork you have a sandbox, but many simply use Codex or Claude Code (and some even went above and beyond and learned to use --dangerously-skip-permissions). But what happens if an attacker is successful? What's even preventing it from happening?

I'm a BE-heavy FS dev at a small startup of 25+ people, and lately I have been getting vibe-coded PRs from PMs with an actual expectation that they should go to production and that they have saved work from devs by doing so. This is obviously not the case. Besides the obvious bizarre things I immediately catch, I always feel the need to clone it, test it myself, and usually, well, work the task again or spend much more time than I would if the PR was from another dev. I feel like I'm going crazy having to argue that this is not the best way to go, and they should probably spend more time and even use the code if they like to build better specs instead of direct contributions. What has been your experience?