frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Remote Prompt Injection in Gitlab Duo Leads to Source Code Theft

https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo
26•chillax•11h ago

Comments

nusl•8h ago
GitLab's remediation seems a bit sketchy at best.
reddalo•8h ago
The whole "let's put LLMs everywhere" thing is sketchy at best.
cedws•8h ago
Until prompt injection is fixed, if it is ever, I am not plugging LLMs into anything. MCPs, IDEs, agents, forget it. I will stick with a simple prompt box when I have a question and do whatever with its output by hand after reading it.
hu3•7h ago
I would have the same caution, if my code was any special.

But the reality is I'm very well compensated to summon CRUD slop out of thin air. It's well tested though.

I wish good luck to those who steal my code.

mdaniel•3h ago
You say code as if the intellectual property is the thing an attacker is after, but my experience has been that folks often put all kinds of secrets in code thinking that the "private repo" is a strong enough security boundary

I absolutely am not implying you are one of them, merely that the risk is not the same for all slop crud apps universally

mdaniel•3h ago
Running Duo as a system user was crazypants and I'm sad that GitLab fell into that trap. They already have personal access tokens so even if they had to silently create one just for use with Duo that would be a marked improvement over giving an LLM read access to every repo in the platform
wunderwuzzi23•49m ago
Great work!

Data leakage via untrusted third party servers (especially via image rendering) is one of the most common AI Appsec issues and it's concerning that big vendors do not catch these before shipping.

I built the ASCII Smuggler mentioned in the post and documented the image exfiltration vector on my blog as well in past with 10+ findings across vendors.

GitHub Copilot Chat had a very similar bug last year.

Postgres IDE in VS Code

https://techcommunity.microsoft.com/blog/adforpostgresql/announcing-a-new-ide-for-postgresql-in-vs-code-from-microsoft/4414648
328•Dowwie•3h ago•152 comments

Find Your People

https://foundersatwork.posthaven.com/find-your-people
123•jl•2h ago•50 comments

Beyond Semantics: Unreasonable Effectiveness of Reasonless Intermediate Tokens

https://arxiv.org/abs/2505.13775
51•nyrikki•2h ago•15 comments

Into The Tunnel: The secret life of wind tunnels

https://jordanwtaylor2.substack.com/p/into-the-tunnel
21•iamwil•1h ago•2 comments

Caesar's Last Breath

https://charliesabino.com/caesars-last-breath/
86•charliesabino•4h ago•38 comments

Types of optical systems in a lens designer's toolbox (2020)

https://www.pencilofrays.com/lens-design-forms/
5•picture•12m ago•0 comments

The metre originated in the French Revolution

https://www.abc.net.au/news/science/2025-05-20/metre-treaty-anniversary-metric-system-measurement-metrology/105302024
37•Tomte•3h ago•61 comments

Positional preferences, order effects, prompt sensitivity undermine AI judgments

https://www.cip.org/blog/llm-judges-are-unreliable
46•joalstein•1h ago•35 comments

You Don't Need Re-Ranking: Understanding the Superlinked Vector Layer

https://superlinked.com/vectorhub/articles/why-do-not-need-re-ranking
14•softwaredoug•1h ago•7 comments

Show HN: Samchika – A Java Library for Fast, Multithreaded File Processing

https://github.com/MayankPratap/Samchika
40•mprataps•5h ago•24 comments

Sesame Scheme: Unintended Consequences of Allergen Food Labeling

https://www.choicesmagazine.org/choices-magazine/submitted-articles/unintended-consequences-of-allergen-food-labeling
16•hilux•1h ago•3 comments

Why I no longer have an old-school cert on my HTTPS site

https://rachelbythebay.com/w/2025/05/22/ssl/
141•mcbain•7h ago•121 comments

Designing type inference for high quality type errors

https://blog.polybdenum.com/2025/02/14/designing-type-inference-for-high-quality-type-errors.html
36•PaulHoule•4d ago•6 comments

Remembering Alasdair MacIntyre

https://www.wordonfire.org/articles/remembering-alasdair-macintyre-1929-2025/
101•danielam•7h ago•41 comments

Slime (2021)

https://granta.com/slime/
16•Tomte•3h ago•0 comments

MCP is the coming of Web 2.0 2.0

https://www.anildash.com//2025/05/20/mcp-web20-20/
95•freediver•3h ago•89 comments

Writing A Job Runner (In Elixir) (Again) (10 years later)

https://github.com/notactuallytreyanastasio/genstage_tutorial_2025/blob/main/README.md
90•rhgraysonii•8h ago•24 comments

The Curious Case of the Pygmy Nuthatch

https://slate.com/culture/2025/05/birds-movies-charlies-angels-2000-pygmy-nuthatch.html
105•prawn•2d ago•14 comments

How to live on $432 a month in America

https://shagbark.substack.com/p/how-to-live-on-432-a-month-in-america
27•cactusplant7374•2h ago•11 comments

John Carmack talk at Upper Bound 2025

https://twitter.com/ID_AA_Carmack/status/1925710474366034326
399•tosh•13h ago•260 comments

Tallest Wooden Wind Turbine

https://modvion.com/
145•Bluestein•4d ago•105 comments

Satellites Spotting Depth

https://tech.marksblogg.com/depth-anything-v2-maxar-ai-detection.html
82•marklit•2d ago•21 comments

'Turbocharged' Mitochondria Power Birds' Epic Migratory Journeys

https://www.quantamagazine.org/turbocharged-mitochondria-power-birds-epic-migratory-journeys-20250519/
69•pseudolus•4d ago•16 comments

Alberta separatism push roils Canada

https://www.nytimes.com/2025/05/22/world/canada/alberta-separatism-referendum.html
6•paulpauper•1h ago•18 comments

Bits with Soul

https://www.darwin.cam.ac.uk/lectures/entry/bits-with-soul/
24•mrkeen•4d ago•5 comments

Show HN: Defuddle, an HTML-to-Markdown alternative to Readability

https://github.com/kepano/defuddle
365•kepano•21h ago•61 comments

Sugar-Coated Poison: Benign Generation Unlocks LLM Jailbreaking

https://arxiv.org/abs/2504.05652
40•favoboa•2d ago•35 comments

Measuring Lunar North and South Polar Regions

https://iopscience.iop.org/article/10.3847/PSJ/adbc9d
8•bryanrasmussen•4d ago•2 comments

KumoRFM: A Foundation Model for In-Context Learning on Relational Data

https://kumo.ai/company/news/kumo-relational-foundation-model/
97•cliffly•11h ago•17 comments

Quantum Picturalism

https://quantuminpictures.org/
48•mathgenius•2d ago•16 comments