This is an edited version of a post I wrote for the Liberis internal engineering blog - it is not particularly original, most of the ideas come directly from Simon Willison’s article “Lethal Trifecta for AI agents” - but I thought it was worth writing a summary for our engineers, and sharing it more widely. Bruce Schneier summarised the current Agentic AI situation in his blog: We simply don’t know how to defend against these attacks. We have zero agentic AI systems that are secure ag...| Korny's Blog
Part of me is always unnerved when I see people running claude --dangerously-skip-permissions or codex --yolo to give them unfettered ability to run commands on their machine. Admittedly, I do usually hit approve when I’m asked about a specific command, so I certainly understand the temptation to just avoid all that fuss and do a blanket approval. With the next generation of apps that people are building to control everything on your computer via some AI chat interface, it feels perhaps eve...| sophiebits.com
A developer's guide to downloading and running LLMs on macOS, for experimentation and privacy.| blog.6nok.org
Tools| llm.datasette.io
Staking out a position in an evolving world; trying to figure out whether ethical AI usage is possible; charting a course between the doomsters and the boosters.| roblog.co.uk
Why ordinary-looking emails, comments, and diagrams can hijack LLMs| Fogel.dev
I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, the lethal trifecta and the challenges of securing systems that use MCP. It wasn’t …| Simon Willison’s Weblog
Magenta RealTime: An Open-Weights Live Music Model| Bionic Teaching
Here's yet another example of a lethal trifecta attack, where an LLM system combines access to private data, exposure to potentially malicious instructions and a mechanism to communicate data back …| Simon Willison’s Weblog
I use AI a lot for work, pretty much all day every day. I use coding assistants and custom agents I’ve built. I use AI to help code review changes, dig into bugs, and keep track of my projects. I’ve found lots of things it’s very helpful with, and lots of things it’s terrible at. If there’s one thing I have definitely learned: it does not work the way I imagined.| cocoaphony.micro.blog