frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Notion AI: Unpatched data exfiltration

https://www.promptarmor.com/resources/notion-ai-unpatched-data-exfiltration
198•takira•1d ago

Comments

jerryShaker•1d ago
Unfortunate that Notion does not seem to be taking AI security more seriously, even after they got flak for other data exfil vulns in the 3.0 agents release in September
airstrike•22h ago
IMHO the problem really comes from the browser accessing the URL without explicit user permission.

Bring back desktop software.

embedding-shape•11h ago
Meh, bring back thinking of security regardless of the platform instead. The web is gonna stay, might as well wish for people to treat the security on the platform better.
rdli•22h ago
Securing LLMs is just structurally different. The attack space is "the entirety of the human written language" which is effectively infinite. Wrapping your head around this is something we're only now starting to appreciate.

In general, treating LLM outputs (no matter where) as untrusted, and ensuring classic cybersecurity guardrails (sandboxing, data permissioning, logging) is the current SOTA on mitigation. It'll be interesting to see how approaches evolve as we figure out more.

vmg12•20h ago
It's pretty simple, don't give llms access to anything that you can't afford to expose. You treat the llm as if it was the user.
rdli•20h ago
I get that but just not entirely obvious how you do that for the Notion AI.
embedding-shape•11h ago
Don't use AI/LLMs that have unfettered access to everything?

Feels like the question is "How do I prevent unauthenticated and anonymous users to use my endpoint that doesn't have any authentication and is on the public internet?", which is the wrong question.

whateveracct•5h ago
exactly?
kahnclusions•19h ago
I’m not convinced LLMs can ever be secured, prompt injection isn’t going away since it’s a fundamental part of how an LLM works. Tokens in, tokens out.
Barrin92•17h ago
Dijkstra, On the Foolishness of "natural language programming":

[...]It may be illuminating to try to imagine what would have happened if, right from the start our native tongue would have been the only vehicle for the input into and the output from our information processing equipment. My considered guess is that history would, in a sense, have repeated itself, and that computer science would consist mainly of the indeed black art how to bootstrap from there to a sufficiently well-defined formal system. We would need all the intellect in the world to get the interface narrow enough to be usable,[...]

If only we had a way to tell a computer precisely what we want it to do...

https://www.cs.utexas.edu/~EWD/transcriptions/EWD06xx/EWD667...

jcims•12h ago
As multi-step reasoning and tool use expand, they effectively become distinct actors in the threat model. We have no idea how many different ways the alignment of models can be influenced by the context (the anthropic paper on subliminal learning [1] was a bit eye opening in this regard) and subsequently have no deterministic way to protect it.

1 - https://alignment.anthropic.com/2025/subliminal-learning/

falloutx•22h ago
People have learnt a little while back that you need to use the white hidden text in a resume to make the AI recommend you, There are also resume collecting services which let you buy a set of resumes belonging to your general competition era and you can compare your ai results with them. Its an arms race to get called up for a job interview at the moment.
Terr_•20h ago
I wouldn't be surprised if people tried to document what LLMs different companies/vendors are using, in order to take advantage of model-biases.

https://nyudatascience.medium.com/language-models-often-favo...

AdieuToLogic•18h ago
> People have learnt a little while back that you need to use the white hidden text in a resume to make the AI recommend you ...

I would caution against using "white hidden text" within PDF resumes as all an ATS[0] need use in order to make hidden text the same as any other text is preprocess with the poppler[1] project's `pdftotext`. Sophisticated ATS[0] offerings could also use `pdftotext` in a fraud detection role with other document formats as well.

0 - https://en.wikipedia.org/wiki/Applicant_tracking_system

1 - https://poppler.freedesktop.org/

jonplackett•21h ago
Sloppy coding to know a link could be a problem and render it anyway. But even worse to ignore the person who tells you you did that.
mirekrusin•21h ago
Public disclosure date is Jan 2025, but should be Jan 2026.
dcreater•21h ago
One more reason not to use Notion.

I wonder when there will be awakening to not use SaaS for everything you do. And the sad thing is that this is the behavior of supposedly tech-savvy people in places like the bay area.

I think the next wave is going to be native apps, with a single purchase model - the way things used to be. AI is going to enable devs, even indie devs, to make such products.

bossyTeacher•10h ago
> I think the next wave is going to be native apps

elaborate please?

jrm4•21h ago
This, of course, more yelling into the void from decades ago, but companies who promise or imply "safety around your data" and fail should be proportionally punished, and we as a society have not yet effectively figured out how to do that yet. Not sure what it will take.
pluralmonad•14h ago
Its perfectly figured out, people just refuse to implement the solution. Stop giving your resources to the bad actors. The horrible behavior so many enable in order to not be inconvenienced is immense.
jrm4•5h ago
Perfectly? No. No. A million times no.

You're getting downvoted because "stop giving your resources to the bad actors" is not even remotely close to a viable solution. There is no opting out in a meaningful way.

NOW, that being said. People like you and me should absolutely opt out to the extent that we can, but with the understanding that this is "for show," in a good way.

someguyiguess•21h ago
Wow what a coincidence. I just migrated from notion to obsidian today. Looks like I timed it perfectly (or maybe slightly too late?)
dtkav•20h ago
How was the migration process?

I work on a plugin that makes Obsidian real-time collaborative (relay.md), so if the migration is smooth I wonder how close we are to Obsidian being a suitable Notion replacement for small teams.

crashabr•11h ago
I've been waiting for Logseq DB to come out to replace Google docs for my team. So your offering is interesting, but

1) is it possible to use Obsidian like Logseq, with a primary block based system (the block based system, which allows building documents like Lego bricks, and easily cross referencing sections of other documents is key to me) and

2) Don't you expect to be sherlocked by the obsidian team?

embedding-shape•11h ago
> 1) is it possible to use Obsidian like Logseq, with a primary block based system (the block based system, which allows building documents like Lego bricks, and easily cross referencing sections of other documents is key to me) and

More or less yes, embeddable templates basically gives you that out of the box, Obsidian "Bases" let you query them.

> 2) Don't you expect to be sherlocked by the obsidian team?

I seem to remember that someone from the team once said they have no interest in building "real-time" collaboration features, but I might misremember and I cannot find it now.

And after all, Obsidian is a for-profit company who can change their mind, so as long as you don't try to build your own for-profit business on top of a use case that could be sherlocked, I think they're fine.

dtkav•5h ago
From their roadmap page:

> Multiplayer > > Share notes and edit them collaboratively

https://obsidian.md/roadmap

embedding-shape•4h ago
Doesn't say real-time there though? But yeah, must be what they mean, because you can in theory already collaborate on notes, via their "Sync", although it sucks for real-time collaboration.
dtkav•5h ago
In Obsidian you can have transclusions which is basically an embed of a section of another note. It isn't perfect, but worth looking into.

Regarding getting sherlocked; Obsidian does have realtime collaboration on their roadmap. There are likely to be important differences in approach, though.

Our offering is available now and we're learning a ton about what customers want.

If anything, I'd actually love to work more closely with them. They are a huge inspiration in how to build a business and are around the state of the art of a philosophy of software.

I'm interested in combining the unix philosophy with native collaboration (with both LLMs and other people).

That vision is inherently collaborative, anti lock-in, and also bigger than Obsidian. The important lasting part is the graph-of-local-files, not the editor (though Obsidian is fantastic).

brimtown•20h ago
This is @simonw’s Lethal Trifecta [1] again - access to private data and untrusted input are arguably the purpose of enterprise agents, so any external communication is unsafe. Markdown images are just the ones people usually forget about

[1] https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

Miyamura80•12h ago
Good point around the markdown image as an untrusted vector. Lethal trifecta is determnistically preventable, it really should be addressed wider in the indutry
noleary•15h ago
> We responsibly disclosed this vulnerability to Notion via HackerOne. Unfortunately, they said “we're closing this finding as `Not Applicable`”.
hxugufjfjf•13h ago
As much as I love using Notion, they have a terrible track record when it comes to dealing with and responding to security issues.
digiown•8h ago
Any data that leaves the machines you control, especially to a service like Notion, is already "exfiltrated" anyway. Never trust any consumer grade service without an explicit contract for any important data you don't want exfiltrated. They will play fast and loose with your data, since there is so little downside.

Code Coverage for GoAWK (2022)

https://maximullaris.com/goawk_cover.html
1•benhoyt•1m ago•0 comments

We Keep Making the Same Software Mistakes

https://spectrum.ieee.org/avoidable-software-failures-cost-trillions
1•Growtika•2m ago•0 comments

Gut Microbes Played Role in Evolution of Human Brain, New Study Suggests

https://www.sci.news/biology/gut-microbes-human-brain-evolution-14461.html
1•gmays•3m ago•0 comments

Reusable "skills" for coding agents: how to design them so they do not drift

https://clipnotebook.com/blog/reusable-skills-for-coding-agents
3•amandapoDEV•5m ago•1 comments

How to Fool a Neural Network

https://briefer.cloud/blog/posts/fooling-neural-networks/
1•rafaepta•5m ago•0 comments

AG Pax­ton Secures Win Stop­ping Sam­sung from Using Smart TVs to Spy on Texans

https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-secures-major-win-...
1•voxadam•6m ago•0 comments

Decoding the Astonishing Secret Languages of Animals

https://atmos.earth/science-and-nature/decoding-the-astonishing-secret-languages-of-animals/
1•bikeshaving•6m ago•0 comments

Detecting "AI Slop" with Shannon Entropy (Python)

https://steerlabs.substack.com/p/detecting-ai-slop-with-shannon-entropy
2•steer_dev•6m ago•1 comments

OpenAPI Isn't Enough

https://alexstephen.me/writing/openapi-isnt-enough/
1•rambleraptor•7m ago•0 comments

GLM-4.7: Advancing the Coding Capability

https://z.ai/blog/glm-4.7?_hsenc=p2ANqtz-_A0g1a_qMPKlnITH_2MrETt56Egtpn06pe9CyarPb7l_DhltBP9TmtFS...
1•rbanffy•8m ago•0 comments

The work of sleep doesn't depend on time

https://blog.affectablesleep.com/p/the-hidden-work-of-sleep-doesnt-depend
1•pedalpete•9m ago•0 comments

Show HN: Semi-private chat with Gemini from your computer

https://github.com/deepanwadhwa/semi_private_chat
1•dwa3592•10m ago•0 comments

Show HN: Ralph2Ralph

https://github.com/eqtylab/real-a2a
2•ramoz•11m ago•0 comments

Richard D. James interviews ex Korg engineer Tatsuya Takahashi (2017)

https://web.archive.org/web/20180719052026/http://item.warp.net/interview/aphex-twin-speaks-to-ta...
1•lelandfe•12m ago•4 comments

Our take on the best Firefox-based browsers for top privacy and customization

https://alternativeto.net/news/2026/1/our-honest-take-on-the-best-firefox-based-web-browsers-for-...
1•elliot_a•13m ago•0 comments

Some super-smart dogs can pick up new words just by eavesdropping

https://www.cnn.com/2026/01/08/science/gifted-dogs-learn-words-overhearing-intl-scli
2•breve•14m ago•0 comments

It's the little things that change your life, really: combining ChatGPT+DocuSign

https://app.yanna.pro/welcome/1
2•abemazak•14m ago•0 comments

Docker Releases Hardened Images for Free – What Does It Do Differently?

https://www.i-programmer.info/news/240-devops/18579-docker-releases-hardened-images-for-free-what...
1•aquastorm•15m ago•1 comments

Mathematics for Computer Science (2018) [pdf]

https://courses.csail.mit.edu/6.042/spring18/mcs.pdf
1•nateb2022•15m ago•0 comments

How Terminals Work

https://how-terminals-work.vercel.app/
1•gnodar•15m ago•0 comments

App for Prayer Reminders

https://prayminder.com/
1•marysminefnuf•17m ago•0 comments

Show HN: NPM CLI tool for SEO analysis with AI-powered competitor insights

https://github.com/BrunoQuaresma/seoq
1•bquaresma•18m ago•0 comments

On Cloudflare

https://indiscretemusings.substack.com/p/on-cloudflare
1•madars•18m ago•0 comments

Being a Scrapy Engineer

https://patys.dev/being-a-sc/
1•patys•19m ago•0 comments

Show HN: Infinite AI Generated Logos

https://durable.co/ai-logo-generator
1•rookhack•20m ago•1 comments

Richard D. James interviews ex. Korg engineer Tatsuya Takahashi (2020)

https://warp.net/editorial/richard-d-james-speaks-to-tatsuya-takahashi
1•lelandfe•22m ago•0 comments

Researchers seek better, safer alternatives to current opioid drugs

https://medicalxpress.com/news/2025-12-safer-alternatives-current-opioid-drugs.html
1•PaulHoule•22m ago•0 comments

Show HN: Minimalist LLM Grammar Checker for macOS

https://github.com/harentius/GrammifyAI
1•harentius1•25m ago•0 comments

Templates still matter in an AI-first workflow

https://dsmurrell.com/articles/templates-ai
1•dsmurrell•25m ago•1 comments

What Happened to WebAssembly

https://emnudge.dev/blog/what-happened-to-webassembly/
1•birdculture•26m ago•0 comments