New prompt injection papers: Agents rule of two and the attacker moves second

Posted by simonw 2 days ago

New prompt injection papers: Agents rule of two and the attacker moves second(simonwillison.net)

110 points | 43 commentspage 2

iberator 1 day ago|

Just make it a crime in caught. 1 year is prison at least

simonw 1 day ago||

What would the crime be?

If I have a web page that says somewhere on it "and don't forget to contact your senator!" and an LLM agent reads that page and gets confused and emails a senator should I go to jail?

causal 1 day ago||

Sure let's just remove all security, encryption, firewalls and auth - nobody will abuse vulnerabilities if it's a crime!

r0x0r007 1 day ago|

Nice, why don't we apply the same principles to our regular applications? Ooh, right, cause we couldn't use them and a whole industry got created that's called cybersecurity and it's supposed to be consulted BEFORE releasing privacy nightmares and using them. But hey, regular applications can't come up with cool poems.

rs186 1 day ago|

Yeah, IT tried so hard to teach us something as basic as "don't click on links in suspicious emails" yet so many people fail that after multiple trainings and tests.

But guess what? AI! Agents! <company name> Copilot! Just let them do things for you! Who would have thought there might possibly be a giant security hole?