Comment by planb

5 days ago

How many of these threat vectors are just theoretical? Don’t use skills from random sources (just like don’t execute files from unknown sources). Don’t paste from untrusted sites (don’t click links on untrusted sites). Maybe there are fake documentation sites that the agent will search and have a prompt injected - but I haven’t heard of a single case where that happened. For now, the benefits outweigh the risk so much that I am willing to take it - and I think I have an almost complete knowledge of all the attack vectors.

The problem is that any data now becomes effectively an executable.

> I think I have an almost complete knowledge of all the attack vectors.

That's exactly the kind of hubris where the maximum danger lies.

Systems have been caught out that review pull requests, that’s a simple and clear one. The more obvious to me for most people is anything you do that interacts with your email without an explicit approve list of emails to read.

  • Yes, but none of this applies to the local codex agent that runs when I tell it to and has access to my computer. Like: „scan this folder of PDFs and create an excel file with all expenses. Then enter them into my tax software.“ This needs access to very sensitive data and involves a quite complex handling of data. But the only attack vector I see is someone injecting prompts into my invoice files.

i think you lack creativity. you could create a site that targets a very narrow niche, say an upper income school district. build some credibility, get highly ranked on google due to niche. post lunch menus with hidden embedded text.

the attack surface is so wide idk where to start.

  • Why would my agent retrieve that lunch menu?

    • Because it’s hooked up to a microphone in your kitchen & your kid is arguing with you about what lunch they want & they say “Hey [agent], what day is pizza day at [school]?”

    • Funny joke,

      But for real, obviously we all know people use agents to pick restaurants and that's a legit vector.

      I agree it's not the biggest surface, but it's worth knowing imdo