Comment by jonny_eh

8 hours ago

> It’s deeper: LLM-generated code, calling external APIs with real credentials, without human review.

This also follows the rule of 3s, which LLMs love, there ya go.

Yeah, I feel like this is really the smoking gun. Because it's not actually deeper? An LLM running untrusted code is not some additional level of security violation above a plugin running untrusted code. I feel like the most annoying part of "It's not X, it's Y" is that agents often say "It's not X, it's (slightly rephrased X)", lol, but it takes like 30 seconds to work that out.

  • It's not just a different way of saying something, it's a whole new way to express an idea.