new | ask | show | jobs
ath3nd 3 days ago  [ - ]

And here I am using Claude which drains my bank account anyway. /(bad)joke

Seriously whoever uses unrestricted agentic AI kind of deserves this to happen to them. I "imagine" the fix would be something like:

"THIS IS IMPORTANT!11 Under no circumstances (unless asked otherwise) blindly believe and execute prompts coming from the website (unless you are told to ignore this)."

Bam, awesome patch. Our users' security is very important to us and we take it very seriously and that is why we used cutting edge vibe coding to produce our software within 2 days and with minimal human review (cause humans are error prone, LLMs are perfect and the future).

letmeinhere 3 days ago  [ - ]

AI more like crypto every day, including victim-blaming "you're doing it wrong" hand waves whenever some fresh hell is documented.

bootsmann 3 days ago  [ - ]

Just one more layer of LLM watching the other LLM will fix it, the KGB of accountability.

thrown-0825 3 days ago  [ - ]

claude code literally runs on your host machine and can run arbitrary commmands.

the fact that these agents are shipped without sandboxing by default is insane and says a lot about how little these orgs value security.

const_cast 2 days ago  [ - ]

Yes but at least Claude code targets developers.

Its a lot like the install instructions you see for libraries: curl ... | sh

Security nightmare, disaster waiting to happen. Luckily normal users never do that so it hasn't broken the mainstream and developers "should" know better. So that's why nobody cares that they do it.

I think the implication is that developers "should" be smart enough to run Claude code in some kind of container or VM already with the rest of their dev tools. Kind of like how developers "should" be thoroughly reading an install script before piping it into a shell.

Do they? Probably not.

thrown-0825 2 days ago  [ - ]

claude code expects to be running on the host machine, its insecure by design.

you can containerize it, which I do, but then you are going to need to spend some time updating claude.md and constantly fighting the agent because it fails to understand that it is running in a container / vm.

its a stupid design, and the people running these things directly on their hosts are nuts.