Readit News
thomas34298 commented on Google Antigravity exfiltrates data via indirect prompt injection attack   promptarmor.com/resources... · Posted by u/jjmaxwell4
throitallaway · 25 days ago
I'm not sure how much sandboxing can help here. Presumably you're giving the tool access to a repo directory, and that's where a juicy .env file can live. It will also have access to your environment variables.

I suspect a lot of people permanently allow actions and classes of commands to be run by these tools rather than clicking "yes" a bunch of times during their workflows. Ride the vibes.

thomas34298 · 25 days ago
That's the entire point of sandboxing, so none of what you listed would be accessible by default. Check out https://github.com/anthropic-experimental/sandbox-runtime and https://github.com/Zouuup/landrun as examples on how you could restrict agents for example.
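An added illustration of the environment-variable half of the exchange above. This is example code written for this page, not code from the thread, from anthropic-experimental/sandbox-runtime or from landrun: a launcher that starts an agent process with an allowlisted environment, plus a check that the child really cannot see the parent shell's API keys. All variable names and values are constructed. It does not cover the repo-directory half (the .env file); that needs a kernel mechanism such as Landlock (which landrun wraps), a container, or similar, not anything a launcher can do on its own.

```python
"""Start a child process (the agent) with a scrubbed environment so credentials
exported in the parent shell are not inherited.

Scope: environment only. Filesystem isolation is NOT done here; use Landlock,
landrun, a container or a VM for that. All names/values below are constructed.
"""
import json
import re
import subprocess
import sys

# Variables the child legitimately needs. Everything else is dropped,
# so this is an allowlist: a secret with an unusual name is still removed.
ENV_ALLOWLIST = ("PATH", "HOME", "LANG", "LC_ALL", "TERM", "TMPDIR")

# Heuristic for auditing what *would* have leaked without scrubbing.
# Used only for reporting; enforcement is the allowlist above.
SECRET_NAME_RE = re.compile(r"KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL", re.I)

# Constructed parent environment for the demo (not real credentials).
CONSTRUCTED_PARENT_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/home/dev",
    "LANG": "C.UTF-8",
    "OPENAI_API_KEY": "sk-constructed-example",
    "AWS_SECRET_ACCESS_KEY": "constructed-secret",
    # Matches no "secret-looking" pattern, which is why a denylist is not enough.
    "DATABASE_URL": "postgres://app:constructed-pw@db.internal/app",
}


def scrubbed_env(parent_env, allowlist=ENV_ALLOWLIST):
    """Return a minimal environment containing only allowlisted variables."""
    return {k: v for k, v in parent_env.items() if k in allowlist}


def leaked_secret_names(parent_env, allowlist=ENV_ALLOWLIST):
    """Names that look like credentials and would be inherited without scrubbing."""
    return sorted(k for k in parent_env
                  if SECRET_NAME_RE.search(k) and k not in allowlist)


def child_visible_env(parent_env, allowlist=ENV_ALLOWLIST, workdir=None):
    """Spawn a child with the scrubbed env and return the variable names it sees.

    The child is a tiny Python program standing in for the agent binary;
    `workdir` is where an agent launcher would point it at the repository.
    """
    probe = "import os, json; print(json.dumps(sorted(os.environ)))"
    proc = subprocess.run(
        [sys.executable, "-c", probe],
        env=scrubbed_env(parent_env, allowlist),
        cwd=workdir,
        capture_output=True,
        text=True,
        check=True,
    )
    return json.loads(proc.stdout)


if __name__ == "__main__":
    print("would leak without scrubbing:", leaked_secret_names(CONSTRUCTED_PARENT_ENV))
    print("child actually sees:", child_visible_env(CONSTRUCTED_PARENT_ENV))
```

The audit regex is deliberately only a report: `DATABASE_URL` carries a password but matches none of the patterns, and it is the allowlist, not the regex, that keeps it out of the child. Interpreters may add a locale variable of their own to the child (Python's `LC_CTYPE` coercion, for example), so check that secrets are absent rather than that the child's set equals the allowlist.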
thomas34298 commented on Google Antigravity exfiltrates data via indirect prompt injection attack   promptarmor.com/resources... · Posted by u/jjmaxwell4
JyB · 25 days ago
How is that specific to Antigravity? Seems like it could happen with a bunch of tools
thomas34298 · 25 days ago
Codex can read any file on your PC without your explicit approval. Other agents like Claude Code would at least ask you or are sufficiently sandboxed.
thomas34298 commented on Windows 11 adds AI agent that runs in background with access to personal folders   windowslatest.com/2025/11... · Posted by u/jinxmeta
thewebguyd · a month ago
That, and how many commenters in this thread are using something like Claude Code with their src directory as context? This is no different. It’s [claude code/gemini CLI/codex] but for non-devs and with a GUI instead of a TUI.

I feel like everyone here is overly dismissive of this because it’s cool to hate Windows in these parts, but this could be genuinely useful for your average office drone. Much like we love to shit on Copilot for M365 but it’s been extremely useful to the non-tech folks at my work.

thomas34298 · a month ago
Interesting fact: Codex has access to all the files your current user has access to as well, even if you just opened it in the src directory.
thomas34298 commented on GPT-4.5   openai.com/index/introduc... · Posted by u/meetpateltech
virgildotcodes · 10 months ago
That presentation was super underwhelming. We got to watch them compare… the vibes? … of 4.5 vs o1.

No wonder Sam wasn’t part of the presentation.

thomas34298 · 10 months ago
Sam tweeted "taking care of my kid in the hospital":

https://x.com/sama/status/1895210655944450446

Let's not assume that he's lying. Neither the presentation nor my short usage via the API blew me away, but to really evaluate it, you'd have to use it longer on a daily basis. Maybe that becomes a possibility with the announced performance optimizations that would lower the price...

thomas34298 commented on DeepSeek-R1: Incentivizing Reasoning Capability in LLMs via RL   arxiv.org/abs/2501.12948... · Posted by u/gradus_ad
brookst · a year ago
Great as long as you’re not interested in Tiananmen Square or the Uighurs.
thomas34298 · a year ago
Have you even tried it out locally and asked about those things?
thomas34298 commented on RCE Vulnerability in QBittorrent   sharpsec.run/rce-vulnerab... · Posted by u/udev4096
thomas34298 · a year ago
>BUGFIX: Don't ignore SSL errors (sledgehammer999)

>https://www.qbittorrent.org/news

There should be a security notice IMO.

u/thomas34298 · Karma: 88 · Cake day: May 4, 2023