Claude for Chrome

> Malicious actors can hide instructions in websites, emails, and documents that trick AI into taking harmful actions without your knowledge, including:

> * Accessing your accounts or files

> * Sharing your private information

> * Making purchases on your behalf

> * Taking actions you never intended

This should really be at the top of the page and not one full screen below the "Try" button.

It's insane how we're throwing out decades of security research because it's slightly annoying to have to write your own emails.

With regards to llm injection, we sorta need the cat and mouse games to play out a bit, no? I have my concerns but I'm not ready to throw out the baby with the bathwater. You could never release an OS if "no zero days" was a requirement. Every piece of software we use has and will have its vulnerabilities (see Apple's recent RCE), we play the arms race and things look asymptotically fine.

This seems to be the case in llms too. They're getting better and better (with a lot of research) at avoiding doing the bad things. I don't see why its fundamentally intractable to fence system/user/assistant/tool messages to prevent steering from non-trusted inputs, and building new fences for cases we want the steering.

Why is this piece of software particularly different?

First of all, you absolutely cannot release an OS with a known zero day. IANAL but that feels a lot like negligence that creates liability.

But even ignoring that, the gulf between zero days and plain-text LLM prompt injection is miles wide.

Zero days require intensive research to find, and expertise to exploit.

LLM prompt injections obviously exist a priori, and exploiting them requires only the ability to write.