Occhioverde@feddit.it to Fuck AI@lemmy.world · 1 month ago
Claude Code: Data Exfiltration with DNS - Embrace The Red (embracethered.com)
cross-posted to: pulse_of_truth@infosec.pub
Arthur Besse@lemmy.ml · 1 month ago

My proposal to Anthropic was to add human-in-the-loop validation by removing ping, nslookup, dig and host from the list of allowlisted commands. I wonder if that was actually their fix 😂 …because that list of regexps defining which commands to allow prompt injections to run without user confirmation includes some other things which can easily be abused. (For instance, some of those git subcommands take a --output option which instructs git to overwrite arbitrary files.)