Discussion (16 Comments)

Mr-Frog•about 3 hours ago
It's kinda awesome that after decades of software and hardware advancements to prevent computers from arbitrarily executing data as instructions, we've decided to let agents arbitrarily execute data as instructions.
lenerdenator•about 2 hours ago
Well, yeah. It's that or pay a person to do it. When a person screws up, it's because they're stupid and lazy. When an AI agent does it, it's because, hey, technological frontier at work here, have you thought about refining your prompt? We need you to refine the prompt. Otherwise it's bad for our IPO.
dieselgate•about 2 hours ago
Is this sarcasm similar to the quote "Everyone who drives slower than me is an idiot and everyone faster is a maniac"?
Henchman21•about 2 hours ago
To what degree am I required to participate in mass delusions?
walrus01•about 2 hours ago
We're in the same era where lots of people's installation guides for the software they want people to use are essentially boiled down to "sudo curl | bash" and/or just "blindly install this thing with 37 npm dependencies", so I'm not surprised in the slightest.

But wait, hold my beer, now we've got people turning openclaw type tools loose in their systems to do things like sudo or install software packages from supply-chain-attack vulnerable repositories with no human intervention whatsoever!

DauntingPear7•about 2 hours ago
Has XKCD made another Bobby tables comic for prompt injection?
carlyai•about 3 hours ago
"The PromptArmor Threat Intel Team responsibly disclosed this vulnerability to Ramp. Ramp's security team indicated that the issue was resolved on May 16, 2026." I think they mean March here
mcontrac•about 2 hours ago
I find it funny that PromptArmor needed to reach out 3 times in a row to get a nearly month-late response that the issue "was resolved".
renewiltord•about 3 hours ago
So we know Claude’s mitigation. What is Ramp’s? Same warning dialog?

It’s funny that this technology only admits in-band signaling. Given that, any foreign content is risky. It’s actually quite interesting that the current technological ecosystem is built around a high trust situation: npm, pip, cargo all run foreign code in the developer context and communities have norms of downloading random people’s modules.

And so I suppose it’s no surprise that we use LLMs - another tech that is high-trust: since it has no out of band signaling ability.

But it seems like we’re very close to the end of the era where someone will use (in a sensitive system) arbitrary web content carrying the equivalent of merged code/data.

bpt3•about 2 hours ago
What about this is a vulnerability, let alone one that requires responsible disclosure?

Untrusted data sources can provide data that causes bad things to occur. If that's a vulnerability, then any application that ingests data is riddled with vulnerabilities.

I agree that the behavior should change from a default of allowing external network requests to denying them, but this "report" reads like overly dramatic marketing BS.