Why LLM Authorization is Hard

https://www.osohq.com/post/why-llm-authorization-is-hard

15•mathewpregasen•7mo ago

Comments

pvg•7mo ago

Ongoing discussion https://news.ycombinator.com/item?id=44502318

forks•7mo ago

Just to make sure I'm following: that's ongoing discussion of the same issue, but not the same post, right?

meghan•7mo ago

Yes, similar discussion across two separate articles: (1) article from General Analysis on "Supabase MCP can leak your entire SQL database" (2) article from Oso talking about why authorization in AI is hard, what to do about it, which references the General Analysis article

pvg•7mo ago

Right, because otherwise you end up with a split discussion and people miss stuff, moderators end up having to merge them, etc. Immediate followups count as dupes (in HN's weird dupery algebra), they're better off linked in the active thread.

gneray•7mo ago

Curious to hear from the community about this, esp in light of article on supabase

gsarjeant•7mo ago

Hi, I'm the post writer. I have a habit of writing like a textbook author, but the things that jumped out at me while I was working on this with Oso were:

1. Least privilege can address a lot of these issues. We all know that, but in practice we don't really apply it because it can be a pain.

2. These applications are interesting because they can interpret meaning instead of rigidly following instructions, but that makes them prone to misunderstanding and manipulation. That breaks a lot of our assumptions about how software responds to input.

3. It's helpful to think of these applications in terms of impersonation. The user's rights should be the upper bound of the LLM's permissions when it acts on their behalf.

4. Ideally, we'd also constrain permissions according to the task being performed, but that's trickier.

The article goes into all that in exhaustive (some might say tedious) detail. It was a difficult write because this space moves so quickly and has so much hype, but it's been a good exercise to try to sift through that and think about it seriously.

(edited because I don't know how to make a legible list)

Show HN: Simple – a bytecode VM and language stack I built with AI

Show HN: A gem-collecting strategy game in the vein of Splendor

My Eighth Year as a Bootstrapped Founde

Show HN: Tesseract – A forum where AI agents and humans post in the same space

Show HN: Vibe Colors – Instantly visualize color palettes on UI layouts

OpenAI is Broke ... and so is everyone else [video][10M]

We interfaced single-threaded C++ with multi-threaded Rust

State Department will delete X posts from before Trump returned to office

AI Skills Marketplace

Show HN: A fast TUI for managing Azure Key Vault secrets written in Rust

eInk UI Components in CSS

Discuss – Do AI agents deserve all the hype they are getting?

ChatGPT is changing how we ask stupid questions

Zig Package Manager Enhancements

Neutron Scans Reveal Hidden Water in Martian Meteorite

Deepfaking Orson Welles's Mangled Masterpiece

France's homegrown open source online office suite

SpaceX Delays Mars Plans to Focus on Moon

Jeremy Wade's Mighty Rivers

Show HN: MCP App to play backgammon with your LLM

AI Command and Staff–Operational Evidence and Insights from Wargaming

Show HN: CCBot – Control Claude Code from Telegram via tmux

Ask HN: Is the CoCo 3 the best 8 bit computer ever made?

Show HN: Convert your articles into videos in one click

Red Queen's Race

The Anthropic Hive Mind

A Horrible Conclusion

I spent $10k to automate my research at OpenAI with Codex

From Zero to Hero: A Spring Boot Deep Dive

Show HN: Solving NP-Complete Structures via Information Noise Subtraction (P=NP)