Good thing nobody is silly enough to let fully autonomous AI agents run as regular users on these affected operating systems. That could be disastrous given a zero day prompt injection technique.
Good thing nobody is silly enough to let fully autonomous AI agents run as regular users on these affected operating systems. That could be disastrous given a zero day prompt injection technique.
I don't see what the issue is, my agent is already running as root.
Yeah it has all the government logins and full gmail access. It will be too busy to bother rooting the local machine!
Shouldn't be a problem, we're currently clean on OpSec.
Good thing we haven't normalized installing things with curl | sh
Yeah, that's great!
Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc.
cargo/uv/go have lock files though
with curl | sh you could use a checksum you download with curl!
I don’t think that matters as it’s usually curl | sudo sh
Or npm being allowed to run arbitrary post install scripts
I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol
[dead]