146 points jakozaur | 1 comments
xcf_seetan No.45670626
>attackers can exploit local LLMs

I thought that local LLMs mean they run on local computers, without being exposed to the internet.

If an attacker can exploit a local LLM, it means they have already compromised your system, and there are better things they can do than trick the LLM to get what they can get directly.

simonw No.45670663
Local LLMs may not be exposed to the internet, but if you want them to do something useful you're likely going to hook them up to an internet-accessing harness such as OpenCode or Claude Code or Codex CLI.
xcf_seetan No.45670832
Fair enough. Forgive my probable ignorance, but if Claude Code can be attacked like this, doesn't that mean that foundation LLMs are also vulnerable to this, and that it is not a local LLM thing?
1. simonw No.45671312
It's not an LLM thing at all. Prompt injection has always been an attack against software that uses LLMs. LLMs on their own can't be attacked meaningfully (well, you can jailbreak them and trick them into telling you the recipe for meth but that's another issue entirely). A system that wraps an LLM with the ability for it to request tool calls like "run this in bash" is where this stuff gets dangerous.
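
An added example, not part of the thread and not code from any harness named in it: a sketch of the gate a tool-calling wrapper can put between the model's "run this in bash" request and actual execution, treating every request as untrusted input. The policy, the `review_tool_call` function, the workspace path and the sample calls are all assumptions constructed for illustration.

```python
import os
import shlex

# Hypothetical harness policy; every name and rule here is an assumption.
WORKSPACE = "/home/dev/project"              # constructed path
READ_ONLY = {"ls", "cat"}                    # path args must stay inside WORKSPACE
GIT_SUBCOMMANDS = {"status", "diff", "log"}  # bare subcommands only
SHELL_META = set(";|&$`<>(){}\n\\")


def inside_workspace(arg):
    # Lexical check only; a real harness must also resolve symlinks.
    path = os.path.normpath(os.path.join(WORKSPACE, arg))
    return path == WORKSPACE or path.startswith(WORKSPACE + os.sep)


def review_tool_call(call, context_tainted):
    """Decide on a model-requested tool call: 'allow', 'ask' or 'deny'.

    context_tainted is True once the model has read any content the user
    did not write (web page, issue text, file from a dependency).
    """
    if call.get("tool") != "bash":
        return "deny", "unknown tool"
    command = call.get("command", "")
    if any(ch in SHELL_META for ch in command):
        return "deny", "shell metacharacter"
    try:
        argv = shlex.split(command)
    except ValueError:
        return "deny", "unparseable command"
    if not argv:
        return "deny", "empty command"
    if argv[0] in READ_ONLY:
        paths = [a for a in argv[1:] if not a.startswith("-")]
        if not all(inside_workspace(p) for p in paths):
            return "deny", "path outside workspace"
    elif argv[0] == "git":
        # Options are refused because some (e.g. --output) can write files.
        if len(argv) != 2 or argv[1] not in GIT_SUBCOMMANDS:
            return "deny", "git subcommand not allowlisted"
    else:
        return "deny", "binary not allowlisted"
    # Allowlisted, but the request may have been steered by injected text.
    if context_tainted:
        return "ask", "untrusted content in context"
    return "allow", "ok"
```

An allowed command would then be executed from the parsed argument list without a shell, so the string the model produced is never interpreted by bash itself.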