Why LLM Authorization is Hard

https://www.osohq.com/post/why-llm-authorization-is-hard

15•mathewpregasen•7mo ago

Comments

pvg•7mo ago

Ongoing discussion https://news.ycombinator.com/item?id=44502318

forks•7mo ago

Just to make sure I'm following: that's ongoing discussion of the same issue, but not the same post, right?

meghan•7mo ago

Yes, similar discussion across two separate articles: (1) article from General Analysis on "Supabase MCP can leak your entire SQL database" (2) article from Oso talking about why authorization in AI is hard, what to do about it, which references the General Analysis article

pvg•7mo ago

Right, because otherwise you end up with a split discussion and people miss stuff, moderators end up having to merge them, etc. Immediate followups count as dupes (in HN's weird dupery algebra), they're better off linked in the active thread.

gneray•7mo ago

Curious to hear from the community about this, esp in light of article on supabase

gsarjeant•7mo ago

Hi, I'm the post writer. I have a habit of writing like a textbook author, but the things that jumped out at me while I was working on this with Oso were:

1. Least privilege can address a lot of these issues. We all know that, but in practice we don't really apply it because it can be a pain.

2. These applications are interesting because they can interpret meaning instead of rigidly following instructions, but that makes them prone to misunderstanding and manipulation. That breaks a lot of our assumptions about how software responds to input.

3. It's helpful to think of these applications in terms of impersonation. The user's rights should be the upper bound of the LLM's permissions when it acts on their behalf.

4. Ideally, we'd also constrain permissions according to the task being performed, but that's trickier.

The article goes into all that in exhaustive (some might say tedious) detail. It was a difficult write because this space moves so quickly and has so much hype, but it's been a good exercise to try to sift through that and think about it seriously.

(edited because I don't know how to make a legible list)

What the News media thinks about your Indian stock investments

Running Lua on a tiny console from 2001

Google and Microsoft Paying Creators $500K+ to Promote AI Tools

New filtration technology could be game-changer in removal of PFAS

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

Kinda Surprised by Seadance2's Moderation

I Write Games in C (yes, C)

Django scales. Stop blaming the framework (part 1 of 3)

Malwarebytes Is Now in ChatGPT

Thoughts on the job market in the age of LLMs

Show HN: Stacky – certain block game clone

AIII: A public benchmark for AI narrative and political independence

SectorC: A C Compiler in 512 bytes

The API Is a Dead End; Machines Need a Labor Economy

Digital Iris [video]

New wave of GLP-1 drugs is coming–and they're stronger than Wegovy and Zepbound

Convert tempo (BPM) to millisecond durations for musical note subdivisions

Show HN: Tasty A.F.

The Contagious Taste of Cancer

U.S. Jobs Disappear at Fastest January Pace Since Great Recession

Bithumb mistakenly hands out $195M in Bitcoin to users in 'Random Box' giveaway

Beyond Agentic Coding

OpenClaw ClawHub Broken Windows Theory – If basic sorting isn't working what is?

OpenBSD Copyright Policy

OpenClaw Creator: Why 80% of Apps Will Disappear

What Happens When Technical Debt Vanishes?

AI Is Finally Eating Software's Total Market: Here's What's Next

Computer Science from the Bottom Up

Show HN: A toy compiler I built in high school (runs in browser)

You don't need Mac mini to run OpenClaw