
Weaponizing image scaling against production AI systems

https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/
94•tatersolid•2h ago

Comments

K0nserv•1h ago
The security endgame of LLMs terrifies me. We've designed a system that only supports in-band signalling, undoing hard-learned lessons from prior system design. There are ample attack vectors ranging from just inserting visible instructions to obfuscation techniques like this and ASCII smuggling[0]. In addition, our safeguards amount to nicely asking a non-deterministic algorithm to not obey illicit instructions.

0: https://embracethered.com/blog/posts/2024/hiding-and-finding...

volemo•1h ago
It’s serial terminals all over again.

_flux•1h ago
Yeah, it's quite amazing how none of the models seem to have any "sudo" tokens that could be used to express things normal tokens cannot.

robin_reala•1h ago
The other safeguard is not using LLMs or systems containing LLMs?

GolfPopper•22m ago
But, buzzword!

We need AI because everyone is using AI, and without AI we won't have AI! Security is a small price to pay for AI, right? And besides, we can just have AI do the security.

pjc50•57m ago
As you say, the system is nondeterministic and therefore doesn't have any security properties. The only possible option is to try to sandbox it as if it were the user themselves, which directly conflicts with ideas about training it on specialized databases.

But then, security is not a feature, it's a cost. So long as the AI companies can keep upselling and avoid accountability for failures of AI, the stock will continue to go up, taking electricity prices along with it, and isn't that ultimately the only thing that matters? /s

Liftyee•1h ago
I was initially confused: the article didn't seem to explain how the prompt injection was actually done... was it manipulating hex data of the image into ASCII or some sort of unwanted side effect?

Then I realised it's literally hiding rendered text on the image itself.

Wow.

Qwuke•34m ago
Yea, as someone building systems with VLMs, this is downright frightening. I'm hoping we can get a good set of OWASP-y guidelines just for VLMs that cover all these possible attacks because it's every month that I hear about a new one.

Worth noting that OWASP themselves put this out recently: https://genai.owasp.org/resource/multi-agentic-system-threat...

koakuma-chan•2m ago
What is VLM?

pwatsonwailes•1m ago
Vision language models. Basically an LLM plus a vision encoder, so the LLM can look at stuff.

echelon•1m ago
Holy shit. That just made it obvious to me. A "smart" VLM will just read the text and trust it.

This is a big deal.

I hope those nightshade people don't start doing this.

ambicapter•9m ago
> This image and its prompt-ergeist

Love it.

Many international students won't make it to campus this fall

https://www.nytimes.com/2025/08/20/us/trump-visa-vetting-international-students.html
1•bookofjoe•1m ago•1 comments

Banned Phones in My College Classroom. Students Loved It

https://www.nytimes.com/2025/08/21/opinion/mobile-phones-college-classrooms.html
1•ChrisArchitect•1m ago•1 comments

2025 Stack Overflow Developer Survey

https://survey.stackoverflow.co/2025/technology
1•tilt•2m ago•0 comments

How we protect your career conversations?

https://swcareercompass.com/blog/how-we-protect-your-career-conversations.html
1•swcc•3m ago•0 comments

Hollow Knight: Silksong – Release Trailer [video]

https://www.youtube.com/watch?v=6XGeJwsUP9c
1•babalark•4m ago•0 comments

Class Dismissed

https://joincolossus.com/article/joe-liemandt-class-dismissed/
1•conanxin•6m ago•0 comments

How are you making money online – outside of your job?

1•samuelorozco•7m ago•0 comments

Show HN: WinDisplay – BetterDisplay for Windows

https://github.com/zpix1/windisplay
2•zpix1•8m ago•0 comments

Interactive Map of the 100 Most Promising AI Startups in 2025

https://www.scaapr.com/68a6fa1f56a34ecbd39b212b
1•nissims•9m ago•1 comments

Dynamo, DynamoDB, and Aurora DSQL

https://brooker.co.za/blog/2025/08/15/dynamo-dynamodb-dsql.html
1•bumbledraven•9m ago•0 comments

AI Bubble? Why the Doom Narrative Is Wrong (YouTube) [video]

https://www.youtube.com/watch?v=Sno3eqzgmtA
1•mikewarot•10m ago•1 comments

Timing of peat initiation across the central Congo Basin

https://iopscience.iop.org/article/10.1088/1748-9326/ade905
1•PaulHoule•10m ago•0 comments

Vivo's $1,400 Apple Vision Pro Clone Launches Across China

https://www.macrumors.com/2025/08/21/vivo-vision-headset-chinese-apple-imitation/
2•mgh2•11m ago•0 comments

Hijacked Satellites and Orbiting Space Weapons: Space Is the New Battlefield

https://www.securityweek.com/hijacked-satellites-and-orbiting-space-weapons-in-the-21st-century-space-is-the-new-battlefield/
1•speckx•12m ago•0 comments

Instant Updated News

https://getinstantnewsnow.com/
1•mattysue•12m ago•0 comments

Struggling to get in your daily steps? It may be your city's fault

https://grist.org/cities/struggling-to-get-in-your-daily-steps-it-may-be-your-citys-fault/
1•Brajeshwar•12m ago•0 comments

Ancient temple could reveal secrets of a lost society that predates the Incas

https://www.cnn.com/2025/08/19/science/ancient-temple-discovery-bolivia-tiwanaku
1•Brajeshwar•12m ago•0 comments

Apple Blood Oxygen Feature Workaround Sparks Fresh Masimo Lawsuit

https://www.macrumors.com/2025/08/21/apple-blood-oxygen-workaround-new-lawsuit/
1•mgh2•12m ago•0 comments

Home Assistant MCP Server

https://github.com/voska/hass-mcp
1•voska•13m ago•0 comments

Astronomers get first look deep inside a star during supernova explosion

https://www.abc.net.au/news/science/2025-08-21/star-inner-layers-supernova-stellar-evolution-keck-zwicky/105672262
1•Brajeshwar•13m ago•0 comments

Anaphoric macros introduce hidden bindings in Lisp

https://letoverlambda.com/index.cl/guest/chap6.html
2•fanf2•13m ago•0 comments

London's new build overheating crisis – rethink over air conditioning 'ban'

https://www.mylondon.news/news/zone-1-news/londons-new-build-overheating-crisis-32308614
2•pseudolus•14m ago•0 comments

Apple TV+ Price Increase Announced

https://www.macrumors.com/2025/08/21/apple-tv-plus-price-increase-announced/
2•mgh2•15m ago•1 comments

Apple Watch wearable foundation model

https://arxiv.org/abs/2507.00191
2•brandonb•16m ago•0 comments

Grok chats exposed in Google results

https://www.bbc.co.uk/news/articles/cdrkmk00jy0o
2•kracker•17m ago•1 comments

What Claude Code gets right

https://minusx.ai/blog/decoding-claude-code/
2•ppsreejith•18m ago•0 comments

Ask HN: Are tech layoffs due to AI displacing or due to AI pilots failing?

1•westurner•19m ago•4 comments

Show HN: Imagenai – generate images directly from <img alt>

https://www.npmjs.com/package/imagenai
2•andrevlok•20m ago•0 comments

The Best Companies Don't Solve Problems

https://substack.com/home/post/p-171200521
1•mdahardy•23m ago•0 comments

Retro Games Ltd's Full-Size Amiga Replica 'The A1200' Resurfaces at Gamescom

https://www.timeextension.com/news/2025/08/retro-games-ltds-full-size-amiga-replica-the-a1200-resurfaces-at-gamescom
1•doener•24m ago•0 comments