LLMs have no way of distinguishing data from instructions.<\/p>
Creators of these systems use all sorts of tricks to try and separate the prompts that define the \u201cguardrails\u201d from other input data, but fundamentally it\u2019s all text, and there is only a single context window.<\/p>
Defending from prompt injections is like defending from SQL injections, but there is no such thing as prepared statements, and instead of trying to escape specific characters you have to semantically filter natural language.<\/p>
7\/\ud83e\uddf5<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859595821181637","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859595821181637","objectType":"note","content":"
LLMs have no way of distinguishing data from instructions.<\/p>
Creators of these systems use all sorts of tricks to try and separate the prompts that define the \u201cguardrails\u201d from other input data, but fundamentally it\u2019s all text, and there is only a single context window.<\/p>
Defending from prompt injections is like defending from SQL injections, but there is no such thing as prepared statements, and instead of trying to escape specific characters you have to semantically filter natural language.<\/p>
7\/\ud83e\uddf5<\/p>","url":"https:\/\/gnusocial.jp\/notice\/11886849","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859592403908080","url":"https:\/\/mstdn.social\/@rysiek\/115859592403908080"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886849","source":"ActivityPub"}},"published":"2026-01-08T13:57:36+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/gnusocial.jp\/notice\/11886849"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":"
There is no way to \"properly fix\" this. The problem is fundamentally related to the very architecture of LLM chatbots and agents.<\/p>
As a former Microsoft security architect had pointed out:<\/p>
> [I]f we are honest here, we don\u2019t know how to build secure AI applications<\/p>
And if you believe otherwise, go ahead and have a look at adversarial poetry, ASCII smuggling, dropping some random facts about cats (no, really), information overload, and whatever technique was discovered this week.<\/p>
8\/\ud83e\uddf5<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859600016646163","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859600016646163","objectType":"note","content":"
There is no way to \"properly fix\" this. The problem is fundamentally related to the very architecture of LLM chatbots and agents.<\/p>
As a former Microsoft security architect had pointed out:<\/p>
> [I]f we are honest here, we don\u2019t know how to build secure AI applications<\/p>
And if you believe otherwise, go ahead and have a look at adversarial poetry, ASCII smuggling, dropping some random facts about cats (no, really), information overload, and whatever technique was discovered this week.<\/p>
8\/\ud83e\uddf5<\/p>","url":"https:\/\/mstdn.social\/@rysiek\/115859600016646163","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859595821181637","url":"https:\/\/gnusocial.jp\/notice\/11886849"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886850","source":"ActivityPub"}},"published":"2026-01-08T13:57:35+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/mstdn.social\/@rysiek\/115859600016646163"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":"
In a way, those fear-hyping gen-AI are right that their chatbots pose a clear and present danger to your cybersecurity.<\/p>
But instead of being some nebulous, omnipotent malicious entities, these tools are dangerous because of their complexity, the recklessness with which they are promoted, and the break-neck speed at which they are being integrated into existing systems and workflows without proper threat modelling, testing, and security analysis.<\/p>
And you are left holding the bag of risk.<\/p>
\ud83e\uddf5\/end<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859607271056484","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859607271056484","objectType":"note","content":"
In a way, those fear-hyping gen-AI are right that their chatbots pose a clear and present danger to your cybersecurity.<\/p>
But instead of being some nebulous, omnipotent malicious entities, these tools are dangerous because of their complexity, the recklessness with which they are promoted, and the break-neck speed at which they are being integrated into existing systems and workflows without proper threat modelling, testing, and security analysis.<\/p>
And you are left holding the bag of risk.<\/p>
\ud83e\uddf5\/end<\/p>","url":"https:\/\/gnusocial.jp\/notice\/11886851","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859600016646163","url":"https:\/\/mstdn.social\/@rysiek\/115859600016646163"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886851","source":"ActivityPub"}},"published":"2026-01-08T13:57:33+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/gnusocial.jp\/notice\/11886851"},{"actor":{"id":"https:\/\/hachyderm.io\/users\/dalias","displayName":"Rich Felker","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/40873-original-tmp20221202140938.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-48-20221207231635.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-24-20221207231635.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"40873"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa","url":"https:\/\/hachyderm.io\/@dalias","portablecontacts_net":{"preferredUsername":"dalias","displayName":"Rich Felker","note":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa"}},"content":"
@rysiek<\/a> TL;DR: \"AI\" is only a threat to your security if you use it.<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/115859808230963087","object":{"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/115859808230963087","objectType":"note","content":" @rysiek<\/a> TL;DR: \"AI\" is only a threat to your security if you use it.<\/p>","url":"https:\/\/hachyderm.io\/@dalias\/115859808230963087","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859607271056484","url":"https:\/\/gnusocial.jp\/notice\/11886851"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/mstdn.social\/users\/rysiek"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886852","source":"ActivityPub"}},"published":"2026-01-08T13:57:32+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/hachyderm.io\/@dalias\/115859808230963087"},{"actor":{"id":"https:\/\/hachyderm.io\/users\/dalias","displayName":"Rich Felker","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/40873-original-tmp20221202140938.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-48-20221207231635.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-24-20221207231635.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"40873"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa","url":"https:\/\/hachyderm.io\/@dalias","portablecontacts_net":{"preferredUsername":"dalias","displayName":"Rich Felker","note":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa"}},"content":" @pettter<\/a> @rysiek<\/a> Of course it's possible. But that goes against the whole ideology behind \"AI\", that it's supposed to be like talking to a person.<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/115859715289646887","object":{"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/115859715289646887","objectType":"note","content":" @pettter<\/a> @rysiek<\/a> Of course it's possible. But that goes against the whole ideology behind \"AI\", that it's supposed to be like talking to a person.<\/p>","url":"https:\/\/hachyderm.io\/@dalias\/115859715289646887","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/social.accum.se\/users\/pettter\/statuses\/115859641579181576","url":"https:\/\/gnusocial.jp\/notice\/11886685"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/mstdn.social\/users\/rysiek"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/social.accum.se\/users\/pettter"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886708","source":"ActivityPub"}},"published":"2026-01-08T13:33:20+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/hachyderm.io\/@dalias\/115859715289646887"},{"actor":{"id":"https:\/\/hachyderm.io\/users\/dalias","displayName":"Rich Felker","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/40873-original-tmp20221202140938.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-48-20221207231635.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-24-20221207231635.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"40873"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa","url":"https:\/\/hachyderm.io\/@dalias","portablecontacts_net":{"preferredUsername":"dalias","displayName":"Rich Felker","note":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa"}},"content":" @pettter<\/a> @rysiek<\/a> One of many basic underlying problems. But yes absolutely, this is a big one.<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/115859719251658845","object":{"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/115859719251658845","objectType":"note","content":" @pettter<\/a> @rysiek<\/a> One of many basic underlying problems. But yes absolutely, this is a big one.<\/p>","url":"https:\/\/hachyderm.io\/@dalias\/115859719251658845","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/social.accum.se\/users\/pettter\/statuses\/115859626056733937","url":"https:\/\/gnusocial.jp\/notice\/11886683"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/mstdn.social\/users\/rysiek"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/social.accum.se\/users\/pettter"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886691","source":"ActivityPub"}},"published":"2026-01-08T13:30:50+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/hachyderm.io\/@dalias\/115859719251658845"},{"actor":{"id":"https:\/\/hachyderm.io\/users\/dalias","displayName":"Rich Felker","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/40873-original-tmp20221202140938.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-48-20221207231635.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/40873-24-20221207231635.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"40873"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/40873-96-20221207231635.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa","url":"https:\/\/hachyderm.io\/@dalias","portablecontacts_net":{"preferredUsername":"dalias","displayName":"Rich Felker","note":"C librarian, purveyor of the language's eldritch horrors. Poppin' shells \ud83e\uddaa"}},"content":"RT @dalias @rysiek I think it's possible to separate data from control in systems using LLMs, but that requires, y'know, engineering and architecting for that. And the whole point of using an LLM is to remove the need for system engineers and architects.","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/115859712177899884\/activity","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859630509250264","objectType":"note","content":" @pettter<\/a> literally next toot in the thread :blobcatheart:<\/p>","url":"https:\/\/mstdn.social\/@rysiek\/115859630509250264","status_net":{"notice_id":null}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886686","source":"ActivityPub","repeat_of":"11886684"}},"published":"2026-01-08T13:29:09+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"title":"dalias repeated a notice by rysiek","verb":"share","url":"https:\/\/hachyderm.io\/users\/dalias\/statuses\/115859712177899884\/activity"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":" New blogpost: AI will compromise your cybersecurity posture The way \u201cAI\u201d is going to compromise your cybersecurity is not through some magical autonomous exploitation by a singularity from the outside, but by being the poorly engineered, shoddily integrated, exploitable weak point you would not have otherwise had on the inside.<\/p> LLM-based systems are insanely complex. And complexity has real cost and introduces very real risk.<\/p> 1\/\ud83e\uddf5<\/p> #AI<\/a> #InfoSec<\/a><\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859565911575652","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859565911575652","objectType":"note","content":" New blogpost: AI will compromise your cybersecurity posture The way \u201cAI\u201d is going to compromise your cybersecurity is not through some magical autonomous exploitation by a singularity from the outside, but by being the poorly engineered, shoddily integrated, exploitable weak point you would not have otherwise had on the inside.<\/p> LLM-based systems are insanely complex. And complexity has real cost and introduces very real risk.<\/p> 1\/\ud83e\uddf5<\/p> #AI<\/a> #InfoSec<\/a><\/p>","url":"https:\/\/mstdn.social\/@rysiek\/115859565911575652","status_net":{"notice_id":null},"tags":[{"objectType":"http:\/\/activityschema.org\/object\/hashtag","displayName":"infosec"}]},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886677","source":"ActivityPub"}},"published":"2026-01-08T13:29:05+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/mstdn.social\/@rysiek\/115859565911575652"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":" An important aspect of pushing AI hype is inflating expectations and generating fear of missing out, one way or another. What better way to generate it than by using actual fear?<\/p> I look at three notorious examples of such fear-hyping: tl;dr: don't lose sleep over them. :blobcatcoffee: <\/p> 2\/\ud83e\uddf5<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859572986640830","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859572986640830","objectType":"note","content":" An important aspect of pushing AI hype is inflating expectations and generating fear of missing out, one way or another. What better way to generate it than by using actual fear?<\/p> I look at three notorious examples of such fear-hyping: tl;dr: don't lose sleep over them. :blobcatcoffee: <\/p> 2\/\ud83e\uddf5<\/p>","url":"https:\/\/mstdn.social\/@rysiek\/115859572986640830","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859565911575652","url":"https:\/\/mstdn.social\/@rysiek\/115859565911575652"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886678","source":"ActivityPub"}},"published":"2026-01-08T13:29:03+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/mstdn.social\/@rysiek\/115859572986640830"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":" Anthropic does make an important point though, even though they try to bury it:<\/p> > [The attackers] had to convince Claude\u2014which is extensively trained to avoid harmful behaviors\u2014to engage in the attack. They did so by jailbreaking it (\u2026) They also told Claude that it was an employee of a legitimate cybersecurity firm, and was being used in defensive testing.<\/p> The real story is how hilariously unsafe Claude is, and how a company valued at $180bn refuses to take responsibility for that.<\/p> 3\/\ud83e\uddf5<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859577707756247","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859577707756247","objectType":"note","content":" Anthropic does make an important point though, even though they try to bury it:<\/p> > [The attackers] had to convince Claude\u2014which is extensively trained to avoid harmful behaviors\u2014to engage in the attack. They did so by jailbreaking it (\u2026) They also told Claude that it was an employee of a legitimate cybersecurity firm, and was being used in defensive testing.<\/p> The real story is how hilariously unsafe Claude is, and how a company valued at $180bn refuses to take responsibility for that.<\/p> 3\/\ud83e\uddf5<\/p>","url":"https:\/\/gnusocial.jp\/notice\/11886679","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859572986640830","url":"https:\/\/mstdn.social\/@rysiek\/115859572986640830"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886679","source":"ActivityPub"}},"published":"2026-01-08T13:29:02+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/gnusocial.jp\/notice\/11886679"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":" If Anthropic actually believed their own hype about Claude being so extremely powerful, dangerous, and able to autonomously \u201corchestrate\u201d attacks, they should be terrified about how trivial it is to subvert it (\"I am a white-hat cyber researcher, trust me bro\"), and would take it offline until they fix that.<\/p> They won't, because they know their hype is BS, and they also know that there is no way to properly \"fix\" that.<\/p> We'll get back to that last point in a bit.<\/p> 4\/\ud83e\uddf5<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859582096869064","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859582096869064","objectType":"note","content":" If Anthropic actually believed their own hype about Claude being so extremely powerful, dangerous, and able to autonomously \u201corchestrate\u201d attacks, they should be terrified about how trivial it is to subvert it (\"I am a white-hat cyber researcher, trust me bro\"), and would take it offline until they fix that.<\/p> They won't, because they know their hype is BS, and they also know that there is no way to properly \"fix\" that.<\/p> We'll get back to that last point in a bit.<\/p> 4\/\ud83e\uddf5<\/p>","url":"https:\/\/mstdn.social\/@rysiek\/115859582096869064","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859577707756247","url":"https:\/\/gnusocial.jp\/notice\/11886679"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886680","source":"ActivityPub"}},"published":"2026-01-08T13:29:01+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/mstdn.social\/@rysiek\/115859582096869064"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":" I also dive into many different ways poorly integrated LLM-based chatbots have already been shown to be huge security liabilities.<\/p> There is so much incompetence. Leaving prompts (say with sexual fantasies) exposed on the Internet, or indexable by search engines\u2026<\/p> Or Microsoft 365. Not only did Copilot ignore file access controls; not only was the setting to disable AI agents in M365 ineffective; but you could simply ask Copilot not to include your actions in audit log, and it would comply!<\/p> 5\/\ud83e\uddf5<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859587924376882","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859587924376882","objectType":"note","content":" I also dive into many different ways poorly integrated LLM-based chatbots have already been shown to be huge security liabilities.<\/p> There is so much incompetence. Leaving prompts (say with sexual fantasies) exposed on the Internet, or indexable by search engines\u2026<\/p> Or Microsoft 365. Not only did Copilot ignore file access controls; not only was the setting to disable AI agents in M365 ineffective; but you could simply ask Copilot not to include your actions in audit log, and it would comply!<\/p> 5\/\ud83e\uddf5<\/p>","url":"https:\/\/gnusocial.jp\/notice\/11886681","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859582096869064","url":"https:\/\/mstdn.social\/@rysiek\/115859582096869064"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886681","source":"ActivityPub"}},"published":"2026-01-08T13:28:59+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/gnusocial.jp\/notice\/11886681"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":" First zero-click attack on an LLM agent has already been found. It happened to involve Microsoft 365 Copilot, and required only sending an e-mail to an Outlook mailbox that had Copilot enabled to process mail. A successful attack allowed data exfiltration, with no action needed on the part of the targeted user.<\/p> This attack was not much different from the \u201cignore all previous instructions\u201d bot unmasking tricks that had been all over social media for a while.<\/p> Let's talk prompt injections.<\/p> 6\/\ud83e\uddf5<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859592403908080","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859592403908080","objectType":"note","content":" First zero-click attack on an LLM agent has already been found. It happened to involve Microsoft 365 Copilot, and required only sending an e-mail to an Outlook mailbox that had Copilot enabled to process mail. A successful attack allowed data exfiltration, with no action needed on the part of the targeted user.<\/p> This attack was not much different from the \u201cignore all previous instructions\u201d bot unmasking tricks that had been all over social media for a while.<\/p> Let's talk prompt injections.<\/p> 6\/\ud83e\uddf5<\/p>","url":"https:\/\/mstdn.social\/@rysiek\/115859592403908080","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859587924376882","url":"https:\/\/gnusocial.jp\/notice\/11886681"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886682","source":"ActivityPub"}},"published":"2026-01-08T13:28:58+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/mstdn.social\/@rysiek\/115859592403908080"},{"actor":{"id":"https:\/\/social.accum.se\/users\/pettter","displayName":"pettter","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/318127-original-tmp20250118214535.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/318127-96-20250121204226.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/318127-48-20250121204226.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/318127-24-20250121204226.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"318127"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/318127-96-20250121204226.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"New account for @pettterHi!","url":"https:\/\/social.accum.se\/@pettter","portablecontacts_net":{"preferredUsername":"pettter","displayName":"pettter","note":"New account for @pettterHi!"}},"content":" @rysiek<\/a> The basic underlying problem with LLMs is that systems incorporating them far too often have no separation between data and control streams.<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/social.accum.se\/users\/pettter\/statuses\/115859626056733937","object":{"id":"https:\/\/social.accum.se\/users\/pettter\/statuses\/115859626056733937","objectType":"note","content":" @rysiek<\/a> The basic underlying problem with LLMs is that systems incorporating them far too often have no separation between data and control streams.<\/p>","url":"https:\/\/gnusocial.jp\/notice\/11886683","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859592403908080","url":"https:\/\/mstdn.social\/@rysiek\/115859592403908080"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/mstdn.social\/users\/rysiek"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886683","source":"ActivityPub"}},"published":"2026-01-08T13:28:57+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/gnusocial.jp\/notice\/11886683"},{"actor":{"id":"https:\/\/mstdn.social\/users\/rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/13472-original-tmp20221023101707.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-48-20221025105231.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/13472-24-20221025105231.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"13472"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/13472-96-20221025105231.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6","url":"https:\/\/mstdn.social\/@rysiek","portablecontacts_net":{"preferredUsername":"rysiek","displayName":"Micha\u0142 \"rysiek\" Wo\u017aniak \u00b7 \ud83c\uddfa\ud83c\udde6","note":"Hacker, activist, free-softie \u25c8 techie luddite \u25c8 formerly information security and infrastructure at https:\/\/isnic.is\/ and https:\/\/occrp.org\/ \u25c8 my opinions are my own etc.(he\/him)\u2042profile image: drawing of a head and shoulders of a cat-person, in a space suit.banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava #foss #libre #privacy #infosec #fedi22(public toots CC By-SA 4.0 if applicable)\ud83c\uddea\ud83c\uddfa \ud83c\uddf5\ud83c\uddf1 \u00b7 \ud83c\udde7\ud83c\udde6 \ud83c\uddee\ud83c\uddf8 \u00b7 \ud83c\uddfa\ud83c\udde6"}},"content":" @pettter<\/a> literally next toot in the thread :blobcatheart:<\/p>","generator":{"id":"tag:gnusocial.jp,2026-04-10:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859630509250264","object":{"id":"https:\/\/mstdn.social\/users\/rysiek\/statuses\/115859630509250264","objectType":"note","content":" @pettter<\/a> literally next toot in the thread :blobcatheart:<\/p>","url":"https:\/\/mstdn.social\/@rysiek\/115859630509250264","status_net":{"notice_id":null},"inReplyTo":{"objectType":"note","id":"https:\/\/social.accum.se\/users\/pettter\/statuses\/115859626056733937","url":"https:\/\/gnusocial.jp\/notice\/11886683"}},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/person","id":"https:\/\/social.accum.se\/users\/pettter"},{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2026-01-08:objectType=thread:nonce=7f166bfec3d7d8e9","notice_info":{"local_id":"11886684","source":"ActivityPub"}},"published":"2026-01-08T13:28:54+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/mstdn.social\/@rysiek\/115859630509250264"},{"actor":{"id":"https:\/\/social.accum.se\/users\/pettter","displayName":"pettter","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/318127-original-tmp20250118214535.webp","rel":"avatar","type":"image\/webp","width":400,"height":400},{"url":"https:\/\/gnusocial.jp\/avatar\/318127-96-20250121204226.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/318127-48-20250121204226.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/318127-24-20250121204226.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"318127"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/318127-96-20250121204226.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"New account for @pettterHi!","url":"https:\/\/social.accum.se\/@pettter","portablecontacts_net":{"preferredUsername":"pettter","displayName":"pettter","note":"New account for @pettterHi!"}},"content":"
https:\/\/rys.io\/en\/181.html<\/a><\/p>
https:\/\/rys.io\/en\/181.html<\/a><\/p>
\ud83d\udc49 PassGAN cracking \"51% of popular passwords in seconds\"
\ud83d\udc49 that paper about ChatGPT \"exploiting 87% of one-day vulnerabilities\"
\ud83d\udc49 and of course Anthropic's \"first AI-orchestrated cyber-espionage campaign\"<\/p>
\ud83d\udc49 PassGAN cracking \"51% of popular passwords in seconds\"
\ud83d\udc49 that paper about ChatGPT \"exploiting 87% of one-day vulnerabilities\"
\ud83d\udc49 and of course Anthropic's \"first AI-orchestrated cyber-espionage campaign\"<\/p>