←back to thread

Claude for Chrome

(www.anthropic.com)
795 points davidbarker | 6 comments | 26 Aug 25 19:01 UTC | HN request time: 1.291s | source | bottom
Show context
rustc ◴[26 Aug 25 19:10 UTC] No.45030857[source]
> Malicious actors can hide instructions in websites, emails, and documents that trick AI into taking harmful actions without your knowledge, including:

> * Accessing your accounts or files

> * Sharing your private information

> * Making purchases on your behalf

> * Taking actions you never intended

This should really be at the top of the page and not one full screen below the "Try" button.

replies(7): >>45030952 #>>45030955 #>>45031179 #>>45031318 #>>45031361 #>>45031563 #>>45032137 #
strange_quark ◴[26 Aug 25 19:17 UTC] No.45030955[source]
It's insane how we're throwing out decades of security research because it's slightly annoying to have to write your own emails.
replies(14): >>45030996 #>>45031030 #>>45031080 #>>45031091 #>>45031141 #>>45031161 #>>45031177 #>>45031201 #>>45031273 #>>45031319 #>>45031527 #>>45031531 #>>45031599 #>>45033910 #
1. parhamn ◴[26 Aug 25 19:40 UTC] No.45031319[source]
With regards to llm injection, we sorta need the cat and mouse games to play out a bit, no? I have my concerns but I'm not ready to throw out the baby with the bathwater. You could never release an OS if "no zero days" was a requirement. Every piece of software we use has and will have its vulnerabilities (see Apple's recent RCE), we play the arms race and things look asymptotically fine.

This seems to be the case in llms too. They're getting better and better (with a lot of research) at avoiding doing the bad things. I don't see why its fundamentally intractable to fence system/user/assistant/tool messages to prevent steering from non-trusted inputs, and building new fences for cases we want the steering.

Why is this piece of software particularly different?

replies(3): >>45031350 #>>45031401 #>>45031412 #
2. freeone3000 ◴[26 Aug 25 19:42 UTC] No.45031350[source]
Because the flaws are glaring, obvious, and easily avoidable.
3. mynameismon ◴[26 Aug 25 19:46 UTC] No.45031401[source]
At the same time, manufacturers do not release operating systems with extremely obvious flaws that have (atleast so far) no reasonable guardrails and pretend that they are the next messiah.
4. asgraham ◴[26 Aug 25 19:47 UTC] No.45031412[source]
First of all, you absolutely cannot release an OS with a known zero day. IANAL but that feels a lot like negligence that creates liability.

But even ignoring that, the gulf between zero days and plain-text LLM prompt injection is miles wide.

Zero days require intensive research to find, and expertise to exploit.

LLM prompt injections obviously exist a priori, and exploiting them requires only the ability to write.

replies(2): >>45031976 #>>45037142 #
5. warkdarrior ◴[26 Aug 25 20:33 UTC] No.45031976[source]
> you absolutely cannot release an OS with a known zero day. IANAL but that feels a lot like negligence that creates liability.

You would think Microsoft, Apple, and Linux would have been sued like crazy by now over 0-days.

6. knowannoes ◴[27 Aug 25 09:11 UTC] No.45037142[source]
>First of all, you absolutely cannot release an OS with a known zero day.

There is no such thing as a 'known zero day' vulnerability.

Zero day vulnerability means it is a newly discovered one. Today. The day zero.