halfdane
@halfdane@piefed.social
- Comment on We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research 2 weeks ago:
Huh, it never occurred to me to check out these icons there - thanks for the heads-up: TIL
- Comment on We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research 2 weeks ago:
Seems like you’re talking about a different article: there was no context-poisoning, or in fact even anything LLM specific in this attack.
- Comment on We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research 2 weeks ago:
This wasn’t even a prompt-injection or context-poisoning attack. The vulnerable infrastructure itself exposed everything to hack into the valuable parts of the company:
Public JS asset → discover backend URL → Unauthenticated GET request triggers debug error page → Environment variables expose admin credentials → access Admin panel → see live OAuth tokens → Query Microsoft Graph → Access Millions of user profiles

Hasty AI deployments amplify a familiar pattern: Speed pressure from management keeps the focus on the AI model’s capabilities, leaving surrounding infrastructure as an afterthought — and security thinking concentrated where attention is, rather than where exposure is.
- Comment on France is next 1 month ago:
… but living here? No thanks.
- Comment on France is next 1 month ago:
Oh no, where have I ended up now?
- Comment on How would you spell the sound Transformers make when they transform? 2 months ago:
transforming noises
- Comment on Hooded Horse ban AI-generated art in their games: "all this thing has done is made our lives more difficult" 2 months ago:
Slop of Theseus