Ask HN: Possible or Fantasy?

2•ge96•8mo ago

Imagine if you sent an image with encoded info (steganography) and an LLM or CV model happened to get the command from that image, then this model happened to be connected to MCP/agents and could execute these embedded commands.

Realistic attack vector or not? It's not an original idea seen in shows like Ghost in the Shell SAC 2045 and latest Black Mirror Thronglets

Comments

moritzwarhier•8mo ago

The imaginary QR code from the episode, and real steganography, are completely orthogonal.

And the BM episode doesn't include any references to LLMs, or does it?

ge96•8mo ago

Yeah by LLM (and I didn't specify above) I meant if you had a generic summary command/parsing images or OCR... it's probably not possible to extract code, maybe you can with words embedded in an image that is a sentence eg. "run this script"

edit: generic command as in "what does this image show" and the underlying mechanism is vulnerable to reading hidden data

moritzwarhier•8mo ago

Yeah that's prompt injection but why the steganography? In a broader sense, sure. Who would let an unsupervised LLM or other AI operate on important resources, is the question, I think.

ge96•8mo ago

steganography is just that it's image based

saw this thread about space selfie made me think of it

muzani•8mo ago

They're able to "decode" base64 if you give it a popular quote, but if you modify the quote, it will often hallucinate the exact quote. If you enlarge images with it, it will often hallucinate bits and pieces of it.

So I'd do something that takes advantage of this behavior. It's like with morse code where many people know S.O.S. even if they don't know the other letters. You'd have to communicate in quotes and such.

ge96•8mo ago

damn that's a good point about the built in random part ha (I know set temp to 0 but yeah)

muzani•8mo ago

0 temp is still not completely deterministic :)

X (Twitter) is back with a new X API Pay-Per-Use model

Zlob.h 100% POSIX and glibc compatible globbing lib that is faste and better

Show HN: Deterministic signal triangulation using a fixed .72% variance constant

Scientists Discover Levitating Time Crystals You Can Hold, Defy Newton’s 3rd Law

When Michelangelo Met Titian

Solving NYT Pips with DLX

Baldur's Gate to be turned into TV series – without the game's developers

Interview with 'Just use a VPS' bro (OpenClaw version) [video]

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

Disablling Go Telemetry

Effective Nihilism

The UK government didn't want you to see this report on ecosystem collapse

No 10 blocks report on impact of rainforest collapse on food prices

Seedance 2.0 Is Coming

Show HN: Fitspire – a simple 5-minute workout app for busy people (iOS)

Dexterous robotic hands: 2009 – 2014 – 2025

Interop 2025: A Year of Convergence

JobArena – Human Intuition vs. Artificial Intelligence

Concept Artists Say Generative AI References Only Make Their Jobs Harder

Show HN: PaySentry – Open-source control plane for AI agent payments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

The Crumbling Workflow Moat: Aggregation Theory's Final Chapter

Pax Historia – User and AI powered gaming platform

Show HN: I built a RAG engine to search Singaporean laws

Scams, Fraud, and Fake Apps: How to Protect Your Money in a Mobile-First Economy

Porting Doom to My WebAssembly VM

Cognitive Style and Visual Attention in Multimodal Museum Exhibitions

Full-Blown Cross-Assembler in a Bash Script

Logic Puzzles: Why the Liar Is the Helpful One

Optical Combs Help Radio Telescopes Work Together

X (Twitter) is back with a new X API Pay-Per-Use model

Zlob.h 100% POSIX and glibc compatible globbing lib that is faste and better

Show HN: Deterministic signal triangulation using a fixed .72% variance constant

Scientists Discover Levitating Time Crystals You Can Hold, Defy Newton’s 3rd Law

When Michelangelo Met Titian

Solving NYT Pips with DLX

Baldur's Gate to be turned into TV series – without the game's developers

Interview with 'Just use a VPS' bro (OpenClaw version) [video]

EchoJEPA: Latent Predictive Foundation Model for Echocardiography

Disablling Go Telemetry

Effective Nihilism

The UK government didn't want you to see this report on ecosystem collapse

No 10 blocks report on impact of rainforest collapse on food prices

Seedance 2.0 Is Coming

Show HN: Fitspire – a simple 5-minute workout app for busy people (iOS)

Dexterous robotic hands: 2009 – 2014 – 2025

Interop 2025: A Year of Convergence

JobArena – Human Intuition vs. Artificial Intelligence

Concept Artists Say Generative AI References Only Make Their Jobs Harder

Show HN: PaySentry – Open-source control plane for AI agent payments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

The Crumbling Workflow Moat: Aggregation Theory's Final Chapter

Pax Historia – User and AI powered gaming platform

Show HN: I built a RAG engine to search Singaporean laws

Scams, Fraud, and Fake Apps: How to Protect Your Money in a Mobile-First Economy

Porting Doom to My WebAssembly VM

Cognitive Style and Visual Attention in Multimodal Museum Exhibitions

Full-Blown Cross-Assembler in a Bash Script

Logic Puzzles: Why the Liar Is the Helpful One

Optical Combs Help Radio Telescopes Work Together

Ask HN: Possible or Fantasy?

Comments