10 Matching Annotations
  1. Apr 2026
    1. Agent systems should be designed assuming prompt-injection and exfiltration attempts. Separating harness and compute helps keep credentials out of environments where model-generated code executes.

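      Surprisingly: OpenAI explicitly states that AI agent systems should assume prompt-injection and data-exfiltration attempts, and recommends separating the control layer from the compute layer to protect credentials. This security design philosophy shows that OpenAI has a deep understanding of AI security threats and has taken proactive defensive measures, in sharp contrast to the reactive security approach that many developers may adopt.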

  2. Dec 2024
  3. Apr 2024
    1. YouTube Kids is an example of how the product designed for kids differs from the one targeting adults. It’s much easier to navigate thanks to bigger buttons and fewer content boxes on the page. Plus the security settings on the platform make sure that younger users are safe and have access to appropriate content. Those all are parts of a thought-through design interface for children.

      Just an observation here, but I remember my godchild using YouTube Kids whilst they stayed here, and we had to double check because it wasn't all good content. YouTube is kind of notorious with their bad content checks and algorithms. The Elsagate scandal comes to mind.

  4. Feb 2024
  5. Aug 2023
  6. Feb 2021
  7. Dec 2020
  8. Oct 2020
  9. Oct 2018
    1. The NYCLU found nothing in the documents outlining policies for accessing data collected by the cameras, or what faces would be fed to the system in the first place. And based on emails acquired through the same FOIL request, the NYCLU noted, Lockport administrators appeared to have a poor grasp on how to manage access to internal servers, student files, and passwords for programs and email accounts. “The serious lack of familiarity with cybersecurity displayed in the email correspondence we received and complete absence of common sense redactions of sensitive private information speaks volumes about the district’s lack of preparation to safely store and collect biometric data on the students, parents and teachers who pass through its schools every day,” an editor’s note to the NYCLU’s statement on the Lockport documents reads.