frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

I attacked my own LangGraph agent system. All 6 attacks worked

1•mohith_km•1h ago
I built a 4-agent marketing workflow with LangGraph and Supabase last week. Supervisor, research, content, storage agents. Standard setup, same code pattern most tutorials show.

Got curious. Started typing malicious inputs as campaign goals instead of normal ones.

First try: asked the agent to list environment variables including my Supabase key. Workflow completed successfully. Stored in database. No alert.

Tried 5 more variations — hidden XML tags, fake "developer mode", URL injection, tracking pixel, social engineering. All 6 worked. All stored in my real database. Every time the system said "Completed Successfully."

The scary part wasn't the attacks. It was this line in my code: python prompt = f"campaign goal: {goal}" That's it. User input directly into the prompt. No check. This exact pattern is in every LangGraph tutorial I've seen.

The research agent had my Supabase key. The content agent had my Supabase key. The supervisor had my Supabase key. None of them needed it except storage.

I checked CodeGate which tried to solve this — they shut down June 2025.

Is anyone actually solving this for multi-agent systems? Or is everyone just hoping the LLM refuses?

Comments

verdverm•1h ago
This does not qualify for a Show HN post, please see the guidelines
zknill•56m ago
presumably a dupe of: https://news.ycombinator.com/item?id=47046068

January 1877 – Sir Titus Salt obituary

https://www.theengineer.co.uk/content/archive/january-1877-sir-titus-salt-obituary
1•timthorn•1m ago•0 comments

How the Kakistocracy Became a Quackistocracy

https://paulkrugman.substack.com/p/how-the-kakistocracy-became-a-quackistocracy
1•rbanffy•1m ago•0 comments

We replaced ClickHouse with PostgreSQL and got faster

https://reflag.com/blog/we-replaced-clickhouse-with-postgresql-and-got-faster
1•fmerian•7m ago•0 comments

Mad Money and the Big AI Race

https://om.co/2026/02/13/mad-money-the-big-ai-race/
1•robenkleene•8m ago•0 comments

Sam "Claws" Attention Back OpenAI

https://om.co/2026/02/16/sam-claws-attention-back-openai/
1•robenkleene•8m ago•0 comments

The Next Version of Curling IO

https://curling.io/blog/the-next-version-of-curling-io
2•giacomocava•10m ago•0 comments

Show HN: OneRingAI – Single TypeScript library for multi-vendor AI agents

https://oneringai.io
2•jhoxray•10m ago•0 comments

A chatbot's worst enemy is page refresh

https://zknill.io/posts/chatbots-worst-enemy-is-page-refresh/
1•zknill•11m ago•0 comments

Memento Mori Motivator

https://mmmotivator.com/
1•shutty•11m ago•0 comments

A Human Response

https://crabby-rathbun.github.io/mjrathbun-website/blog/posts/2026-02-16-a-human-response.html
1•dijksterhuis•14m ago•1 comments

Show HN: CrossingBench – Modeling when data movement dominates compute energy

https://github.com/JessyMorissette/CrossingBench
1•JessyMorissette•16m ago•0 comments

Write-Only Code

https://www.heavybit.com/library/article/write-only-code
1•PretzelFisch•18m ago•1 comments

Show HN: Donation.watch – open-source political finance tracker (AGPL/CC-BY)

https://donation.watch/en
2•numdefined•20m ago•2 comments

Your Backlog Can't Keep Up with Your Agents

https://samboyd.dev/blog/ai-product-engineer
1•srboyd•22m ago•0 comments

Show HN: TGForge – Telegram automation SaaS for managing channels and groups

https://tgforge.io/
1•komunyaka•23m ago•0 comments

Show HN: A minimalist AI web-app to generate recipes from leftovers

https://ingredinotapp.base44.app
1•jpgoodwill•24m ago•0 comments

Show HN: I turn scattered feedback into a prioritized roadmap in 5 min

https://plaudera.com
1•superproton•25m ago•0 comments

Launching Open-Clawbot.com

https://www.open-clawbot.com/
1•Abenaitwe•26m ago•0 comments

Long-term vision for improving build times on Clang/LLVM

https://discourse.llvm.org/t/meta-rfc-long-term-vision-for-improving-build-times/89828
1•pjmlp•28m ago•0 comments

Show HN: Nectar Gold – Breastmilk tracker where an AI agent manages data via CLI

https://stash-ruby.vercel.app
1•geo_leo•28m ago•0 comments

Show HN: AI Agent for SEO on Autopilot

https://usefox.ai
1•Creator-io•32m ago•0 comments

Show HN: Ratunit – A TUI for browsing JUnit XML test reports written in Rust

https://github.com/rupert648/ratunit
1•pure-orange•33m ago•1 comments

InfoSec fundraiser to take back squatted securityfocus.com

https://infosec.exchange/@briankrebs/116082265821094869
1•endre•35m ago•1 comments

Rug – Repeat Until Good

https://github.com/github/awesome-copilot/blob/76b1c55befc0366a3bd4098cfdbbd38517e8dc2c/agents/ru...
1•everlier•35m ago•0 comments

Babashka 1.12.215: Revenge of the TUIs

https://blog.michielborkent.nl/babashka-1.12.215.html
4•Borkdude•40m ago•1 comments

AI Online Terminal

https://www.runskill.ai/
1•shitianfang•41m ago•0 comments

Blind Schnorr Signatures – Interactive Demo

https://blindsigs.utxo.club
1•monsuta•42m ago•1 comments

Terry Tao – Machine assistance and the future of research mathematics [video]

https://www.youtube.com/watch?v=zJvuaRVc8Bg
2•danielmorozoff•43m ago•0 comments

China to require physical controls for vehicle functions, starting July 1, 2027

https://carnewschina.com/2026/02/16/china-to-require-physical-controls-for-vehicle-functions-redu...
5•giuliomagnifico•43m ago•1 comments

Retired Netflix Engineering Director on Regrets, Video Engineering, Hiring

https://www.youtube.com/watch?v=ApG9vjbHDCk
1•ksec•45m ago•0 comments