LLMs can live in the cloud, but <i>all</i> tools need to be (1) local, and (2) containerized. It's clear to me that just willy-nilly "running stuff" is going to blow things up eventually. Maybe folks don't know this, but even Codex installs random binaries on your PC. "Read this PDF" installs a pdf reader <i>executable</i>. Is it vetted? Where's it from? Is it a virus? Who knows, who cares. Model goes brrrr.<p>I'm working on a project that includes WASI containerization for local LLM workflows (which is a pretty tough problem), and I'm flabbergasted that Anthropic and OpenAI aren't more worried about these attack vectors. It feels like amateur hour.
> This attack occurs when any untrusted data source (e.g., from an imported sheet or ChatGPT connector) manipulates ChatGPT to run an attacker-controlled external script, which executes leveraging permissions the user has granted to the ChatGPT for Google Sheets extension.<p>Yeah, I don't like the sound of that at all.
As it turns out, we do need some proper application layer to do real, secure work with AI, and just plugging in LLMs into confidential or critical infrastructure willy nilly doesn't work.
The lethal trifecta strikes again.
Turns out that some of the people building the software with AI have no clue how to secure them or even know it is riddled with security holes added by the AI.<p>Pure vibes.
I don't think anyone is surprised by it. People are not vibe-coding zombies... yet.<p>It's a matter of one trillion-dollar company not falling behind another trillion-dollar company. They know what they are doing and are OK with it.
Even the people that do know better are so lazy now because of LLMs these things are happening at a rapid clip.The only thing that matters now is speed and chasing the dopamine dragon of pseudo productivity.
So is your business model to expose AI security issues and then sell the solution?