Comment by 0xbadcafebee
Comment by 0xbadcafebee 3 hours ago
That's a bit of an understatement. Every single LLM is 100% vulnerable by design. There is no way to close the hole. Simple mitigations like "allow lists" can be trivially worked around, either by prompt injection, or by the AI just deciding to work around it itself (reward hacking). The only solution is to segregate the LLM from all external input, and prevent it from making outbound network calls. And though MCPs and jails are the beginning of a mitigation for it, it gets worse: the AI can write obfuscated backdoors and slip them into your vibe-coded apps, either as code, or instructions to be executed by LLM later.
It's a machine designed to fight all your attempts to make it secure.
Moltbot is not quite de regieur prompt injection "is it instructions or data?" built-in vulnerability.
This was "I'm going to release an open agent with an open agents directory that operates your personal computer remotely!", I deeply understand the impulse, but there's a fine line between cutting edge and irresponsible & making excuses.
I'm not even sure 100% how what side I would place it on. I have a soft spot for the author, and a sinking feeling that without that, I'd certainly choose "irresponsible".