←back to thread

Claude for Chrome

(www.anthropic.com)
795 points davidbarker | 1 comments | 26 Aug 25 19:01 UTC | HN request time: 0.212s | source
Show context
rustc ◴[26 Aug 25 19:10 UTC] No.45030857[source]
> Malicious actors can hide instructions in websites, emails, and documents that trick AI into taking harmful actions without your knowledge, including:

> * Accessing your accounts or files

> * Sharing your private information

> * Making purchases on your behalf

> * Taking actions you never intended

This should really be at the top of the page and not one full screen below the "Try" button.

replies(7): >>45030952 #>>45030955 #>>45031179 #>>45031318 #>>45031361 #>>45031563 #>>45032137 #
strange_quark ◴[26 Aug 25 19:17 UTC] No.45030955[source]
It's insane how we're throwing out decades of security research because it's slightly annoying to have to write your own emails.
replies(14): >>45030996 #>>45031030 #>>45031080 #>>45031091 #>>45031141 #>>45031161 #>>45031177 #>>45031201 #>>45031273 #>>45031319 #>>45031527 #>>45031531 #>>45031599 #>>45033910 #
jjice ◴[26 Aug 25 19:33 UTC] No.45031177[source]
My theory is that the average user of an LLM is close enough to the average user of a computer and I've found that the general consensus is that security practices are "annoying" and "get in the way". The same kind of user who hates anything MFA and writes their password on a sticky note that they stick to their monitor in the office.
replies(2): >>45031370 #>>45032082 #
1. TeMPOraL ◴[26 Aug 25 20:44 UTC] No.45032082[source]
> the general consensus is that security practices are "annoying" and "get in the way".

Because they usually are and they do.

> The same kind of user who hates anything MFA and writes their password on a sticky note that they stick to their monitor in the office.

This kind of user has a better feel for threat landscape than most armchair infosec specialists.

People go around security measures not out of some ill will or stupidity, but because those measures do not recognize the reality of the situation and tasks at hand.

With keeping passwords in the open or sharing them, this is common because most computer systems don't support delegation of authority - in fact, the very idea that I might want someone to do something in my name, is alien to many security people, and generally not supported explicitly, except for few cases around cloud computing. But delegation of authority is very common thing done by everyday people on many occasions. In real life, it's simple and natural to do. In digital world? Giving someone else your password is the only direct way to do this.