Tag: pypi
-
Hacker News: Ultralytics AI model hijacked to infect thousands with cryptominer
Source URL: https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/ Source: Hacker News Title: Ultralytics AI model hijacked to infect thousands with cryptominer Feedly Summary: Comments AI Summary and Description: Yes Summary: The Ultralytics YOLO11 AI model was compromised due to a supply chain attack that led to the deployment of cryptominers when users installed certain versions from PyPI. This incident highlights…
-
Simon Willison’s Weblog: Introducing the Model Context Protocol
Source URL: https://simonwillison.net/2024/Nov/25/model-context-protocol/#atom-everything Source: Simon Willison’s Weblog Title: Introducing the Model Context Protocol Feedly Summary: Introducing the Model Context Protocol Interesting new initiative from Anthropic. The Model Context Protocol aims to provide a standard interface for LLMs to interact with other applications, allowing applications to expose tools, resources (contant that you might want to dump…
-
Simon Willison’s Weblog: Ask questions of SQLite databases and CSV/JSON files in your terminal
Source URL: https://simonwillison.net/2024/Nov/25/ask-questions-of-sqlite/#atom-everything Source: Simon Willison’s Weblog Title: Ask questions of SQLite databases and CSV/JSON files in your terminal Feedly Summary: I built a new plugin for my sqlite-utils CLI tool that lets you ask human-language questions directly of SQLite databases and CSV/JSON files on your computer. It’s called sqlite-utils-ask. Here’s how you install it:…
-
Hacker News: Garak, LLM Vulnerability Scanner
Source URL: https://github.com/NVIDIA/garak Source: Hacker News Title: Garak, LLM Vulnerability Scanner Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text describes “garak,” a command-line vulnerability scanner specifically designed for large language models (LLMs). This tool aims to uncover various weaknesses in LLMs, such as hallucination, prompt injection attacks, and data leakage. Its development…
-
Hacker News: Attestations: A new generation of signatures on PyPI
Source URL: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ Source: Hacker News Title: Attestations: A new generation of signatures on PyPI Feedly Summary: Comments AI Summary and Description: Yes Summary: The announcement discusses a new security feature on the Python Package Index (PyPI): index-hosted digital attestations based on PEP 740. This feature enhances package provenance and security by integrating with Trusted…
-
Hacker News: Are We PEP740 Yet?
Source URL: https://trailofbits.github.io/are-we-pep740-yet/ Source: Hacker News Title: Are We PEP740 Yet? Feedly Summary: Comments AI Summary and Description: Yes **Summary:** PEP 740 introduces a standard for cryptographically verifiable attestations for Python packages, ensuring better security and provenance verification through digital signatures. This initiative utilizes Sigstore technology and highlights the significance of trusted identities in safeguarding…
-
Simon Willison’s Weblog: PyPI now supports digital attestations
Source URL: https://simonwillison.net/2024/Nov/14/pypi-digital-attestations/#atom-everything Source: Simon Willison’s Weblog Title: PyPI now supports digital attestations Feedly Summary: PyPI now supports digital attestations Dustin Ingram: PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and…