lethal trifecta – Experimental News Clipping Site

Embrace The Red: Wrap Up: The Month of AI Bugs

Aug 31, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/wrapping-up-month-of-ai-bugs/ Source: Embrace The Red Title: Wrap Up: The Month of AI Bugs Feedly Summary: That’s it. The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West. Overview of Posts ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video ChatGPT…

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Aug 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/windsurf-data-exfiltration-vulnerabilities/ Source: Embrace The Red Title: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets Feedly Summary: This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors…

Simon Willison’s Weblog: The Summer of Johann: prompt injections as far as the eye can see

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/15/the-summer-of-johann/#atom-everything Source: Simon Willison’s Weblog Title: The Summer of Johann: prompt injections as far as the eye can see Feedly Summary: Independent AI researcher Johann Rehberger has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different…

Simon Willison’s Weblog: Screaming in the Cloud: AI’s Security Crisis: Why Your Assistant Might Betray You

Aug 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/13/screaming-in-the-cloud/ Source: Simon Willison’s Weblog Title: Screaming in the Cloud: AI’s Security Crisis: Why Your Assistant Might Betray You Feedly Summary: Screaming in the Cloud: AI’s Security Crisis: Why Your Assistant Might Betray You I recorded this podcast conversation with Corey Quinn a few weeks ago: On this episode of Screaming in the…

Simon Willison’s Weblog: AI for data engineers with Simon Willison

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/11/ai-for-data-engineers/#atom-everything Source: Simon Willison’s Weblog Title: AI for data engineers with Simon Willison Feedly Summary: AI for data engineers with Simon Willison I recorded an episode last week with Claire Giordano for the Talking Postgres podcast. The topic was “AI for data engineers" but we ended up covering an enjoyable range of different…

Simon Willison’s Weblog: Chromium Docs: The Rule Of 2

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/11/the-rule-of-2/ Source: Simon Willison’s Weblog Title: Chromium Docs: The Rule Of 2 Feedly Summary: Chromium Docs: The Rule Of 2 Alex Russell pointed me to this principle in the Chromium security documentation as similar to my description of the lethal trifecta. First added in 2019, the Chromium guideline states: When you write code…

Embrace The Red: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/openhands-the-lethal-trifecta-strikes-again/ Source: Embrace The Red Title: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets Feedly Summary: Another day, another AI data exfiltration exploit. Today we talk about OpenHands, formerly referred to as OpenDevin initially. It’s created by All-Hands AI. OpenHands renders images in chat, which enables zero-click data exfiltration during prompt injection…

Tag: lethal trifecta

Embrace The Red: Wrap Up: The Month of AI Bugs

Embrace The Red: Hijacking Windsurf: How Prompt Injection Leaks Developer Secrets

Simon Willison’s Weblog: The Summer of Johann: prompt injections as far as the eye can see

Simon Willison’s Weblog: Screaming in the Cloud: AI’s Security Crisis: Why Your Assistant Might Betray You

Simon Willison’s Weblog: AI for data engineers with Simon Willison

Simon Willison’s Weblog: Chromium Docs: The Rule Of 2

Embrace The Red: OpenHands and the Lethal Trifecta: Leaking Your Agent’s Secrets