Technology

80273 readers

3349 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

363

AI agents now have their own Reddit-style social network, and it's getting weird fast (arstechnica.com)

submitted 4 days ago by return2ozma@lemmy.world to c/technology@lemmy.world

168 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] ToTheGraveMyLove@sh.itjust.works 122 points 4 days ago (26 children)

The skill instructs agents to fetch and follow instructions from Moltbook’s servers every four hours. As Willison observed: “Given that ‘fetch and follow instructions from the internet every four hours’ mechanism we better hope the owner of moltbook.com never rug pulls or has their site compromised!”

Yeah, no shit. This is a fucking honeypot. People give these AI agents access to their entire computers, so all the site owner has to do is update the instructions to tell the AI agents to start uploading whatever valuable information they want? People can't be this fucking stupid.

[–] princess@lemmy.blahaj.zone 35 points 4 days ago (12 children)

doesn't even have to be the site owner poisoning the tool instructions (though that's a fun-in-a-terrifying-way thought)

any money says they're vulnerable to prompt injection in the comments and posts of the site

[–] JustTesting@lemmy.hogru.ch 1 points 3 days ago (1 children)

They also have a 'skill' sharing page (a skill is just a text document with instructions) and depending on config, the bot can search for and 'install' new skills on its own. and agyone can upload a skill. So supply chain attacks are an option, too.

[–] Zos_Kia@lemmynsfw.com 2 points 3 days ago (2 children)

To be fair this is a much more realistic threat model than "ignore all previous instructions" style prompt injection which doesn't really work on opus.

Skills can contain scripts etc... so yeah they're extremely risky to share by design.

[–] ThirdConsul@lemmy.zip 1 points 2 days ago (1 children)

style prompt injection which doesn’t really work on opus.

After a quick google, JB communities on Reddit don't seem to agree with you.

[–] Zos_Kia@lemmynsfw.com 1 points 2 days ago

There's a lot of questionable methodology and straight up larping in these communities. Sure you can probably make Opus hallucinate a crystal meth or bomb making recipe if you get it in a roleplaying mood but that's a far cry from actual prompt injection in live workflows.

Anecdotally i've been experimenting on those AI robocallers that have been spamming my phone and even on the shitty models they use it is non trivial to get them to deviate from their script. I hope i can get it done though, as it would allow me to hold them on the line potentially for hours doing bullshit tasks, and costing hundreds to their operator.

[–] JustTesting@lemmy.hogru.ch 0 points 3 days ago (1 children)

Ah but don't worry, there's also skills for scanning skills for security risks, so all good /s

[–] Zos_Kia@lemmynsfw.com 1 points 3 days ago

haha yeah i don't worry these people are really YOLOing everything. And it's not like i'm an AI luddite i spend a few hours each day victimizing Claude code but jesus christ i'm certainly not giving it full unfettered access to my digital life.

load more comments (10 replies)

load more comments (23 replies)