←back to thread

Claude for Chrome

(www.anthropic.com)
795 points davidbarker | 5 comments | 26 Aug 25 19:01 UTC | HN request time: 0.843s | source
Show context
stusmall ◴[26 Aug 25 22:18 UTC] No.45033056[source]
It's wild to see an AI company put out a press release that is basically "hey, you kids wanna see a loaded gun?" Normally all their public coms are so full of optimism and salesmanship around the potential. They are fully aware of how dangerous this is.
replies(8): >>45033105 #>>45033148 #>>45033197 #>>45033279 #>>45033315 #>>45033347 #>>45033852 #>>45037231 #
1. asdff ◴[26 Aug 25 22:46 UTC] No.45033279[source]
> "We conducted extensive adversarial prompt injection testing, evaluating 123 test cases representing 29 different attack scenarios. "

Doesn't this seem like a remarkably small set of tests? And the fact that it took this testing to realize that prompt injection and giving the reigns to the AI agent is dangerous strikes me as strange that this wasn't anticipated while building the tool in the first place, before it even went to their red team.

Move fast and break things I guess. Only it is the worlds largest browser and the risk of breaking things means financial ruin and/or the end of the internet as we know it as a human to human communication tool.

replies(2): >>45033455 #>>45041764 #
2. whatevertrevor ◴[26 Aug 25 23:10 UTC] No.45033455[source]
I wonder how this will even fare in the review process, or if the big AI players will get a free pass here. My intuition says that it's a risk that Google/Chrome absolutely don't want to own, it will be curious to see how "Agentic" AI gets deployed in browsers from a liability fallout perspective.
replies(1): >>45033510 #
3. asdff ◴[26 Aug 25 23:15 UTC] No.45033510[source]
Probably no liability considering that is how other phishing attempts are viewed.
replies(1): >>45033694 #
4. whatevertrevor ◴[26 Aug 25 23:39 UTC] No.45033694{3}[source]
But in other phishing attempts the user actually gives out their password (unintentionally) to an unscrupulous actor. In this case there's a middle-man (the AI extension) doing that for you, sometimes without even confirming with you what you want.

I think this is more akin to say a theoretical browser not implementing HTTPS properly so people's credentials/sessions can be stolen with MiTM attacks or something. Clearly the bad behavior is in the toolchain and not the user here, and I'm not sure how much you can wave away claiming "We told you it's not fully safe." You can't sell tomatoes that have a 10% chance of giving you food poisoning, even if you declare that chance on the label, you know?

5. fwip ◴[27 Aug 25 16:25 UTC] No.45041764[source]
And even after their mitigations on known attacks, the attacks were still successful 11% of the time!

To misquote the IRA - "[Scammers] only need to be lucky once, you need to be lucky every time." Even a 1% chance of getting pwned every time you get sent a malicious email is way too high. Plus the scammers aren't gonna rest on their laurels - they'll be iterating too.