The Webpage Has Instructions. The Agent Has Your Credentials

https://openguard.sh/blog/prompt-injections/
25•everlier•4h ago

Comments

stavros•1h ago
Why does the agent have your credentials? There's no need for that! I made one that doesn't:

https://github.com/skorokithakis/stavrobot

indigodaddy•51m ago
So this is like a claw type thing? I've never used these "agents". Not sure what I would do with them. Probably not for coding, right?

stavros•45m ago
Yeah, it's more of a personal assistant. It can do coding, but it's most useful as a PA.

indigodaddy•31m ago
So. Yesterday I had a need to, from my Android phone, have the ChatGPT et al. mobile apps do something I THOUGHT was very simple: read a publicly available Google spreadsheet (I gave it the /htmlview, which in incognito let me see ALL the rows, maybe close to 1000 rows). None could do it. Not ChatGPT, not MS Copilot, not the Claude app, not Gemini, not even GitHub Copilot in a web tab. Some said they couldn't even see it. Some could see it but couldn't do anything with it. Some could see it but only the first 100 lines. All I wanted was for it to ingest the entire thing and then spit back out, in a CSV or TXT, any rows that mentioned 4K. Seemed simple, but these things couldn't even get past that first hurdle. Weirdly, I remembered I had the Grok app too and gave it a shot, and it could do it. I guess it is more intelligent in its abilities to scrape/parse/whatever all kinds of different types of sites.

I’d guess this is the type of thing that might actually excel in your agent or these claw clones, because they literally can just do whatever bash/tool type actions on whatever VM or sandboxed environment they live on?

stavros•28m ago
Yeah, I think this was an issue of Google blocking bot user agents more than the LLMs not being smart enough. A bot that can run curl (like mine) should read it no problem.

indigodaddy•24m ago
Ah ok, that actually makes sense as the reason. And I think I've seen that with even coding agents when they are trying to look up stuff on the web or URLs you give them, now that I think about it.

amelius•23m ago
You can do basically anything with a claw agent. For example, I asked one to build me a Dyson sphere. It is still working on it, but so far so good.

redgridtactical•1h ago
This is the natural consequence of building everything around "the agent needs access to everything to be useful." The more capabilities you hand an agent, the larger the attack surface when it encounters a malicious page.

The simplest mitigation is also the least popular one: don't give the agent credentials in the first place. Scope it to read-only where possible, and treat every page it visits as untrusted input. But that limits what agents can do, which is why nobody wants to hear it.

rocho•53m ago
I absolutely agree, although even that doesn't solve the root problem. The underlying LLM architecture is fundamentally insecure, as it doesn't separate instructions from the pure content it is meant to read or operate on.

I wonder if it'd be possible to train an LLM with such architecture: one input for the instructions/conversation and one "data-only" input. Training would ensure that the latter isn't interpreted as instructions, although I'm not knowledgeable enough to understand if that's even theoretically possible: even if the inputs are initially separate, they eventually mix in the neural network. However, I imagine that training could be done with massive amounts of prompt injections in the "data-only" input to penalize execution of those instructions.

petesergeant•20m ago
I am building https://agentblocks.ai for just this; you set fine-grained rules on what your agents are allowed to access and when they have to ask you out-of-channel (e.g. via WhatsApp or Slack) for permissions, with no direct agent access. It works today, well, supports more tools than are on the website, and if you have any need for this at all, I'd love to give you an account: pete@agentblocks.ai

Works great with OpenClaw, Claude Cowork, or anything, really.

What makes Intel Optane stand out (2023)

https://blog.zuthof.nl/2023/06/02/what-makes-intel-optane-stand-out/
110•walterbell•3h ago•83 comments

Separating the Wayland compositor and window manager

https://isaacfreund.com/blog/river-window-management/
82•dpassens•3h ago•39 comments

C++26: The Oxford Variadic Comma

https://www.sandordargo.com/blog/2026/03/11/cpp26-oxford-variadic-comma
38•ingve•4d ago•10 comments

Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories

https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode
127•robinhouston•5h ago•63 comments

In Memoriam: John W. Addison, my PhD advisor

https://billwadge.com/2026/03/15/in-memoriam-john-w-addison-jr-my-phd-advisor/
26•herodotus•3h ago•2 comments

A Visual Introduction to Machine Learning (2015)

https://r2d3.us/visual-intro-to-machine-learning-part-1/
259•vismit2000•8h ago•22 comments

Show HN: GDSL – 800 line kernel: Lisp subset in 500, C subset in 1300

https://firthemouse.github.io/
33•FirTheMouse•3h ago•5 comments

Learning athletic humanoid tennis skills from imperfect human motion data

https://zzk273.github.io/LATENT/
42•danielmorozoff•3h ago•3 comments

Hollywood Enters Oscars Weekend in Existential Crisis

https://www.theculturenewspaper.com/hollywood-enters-oscars-weekend-in-existential-crisis/
66•RickJWagner•6h ago•177 comments

Office.eu launches as Europe's sovereign office platform

https://office.eu/media/pressrelease-20260304
81•campuscodi•43m ago•51 comments

Rack-mount hydroponics

https://sa.lj.am/rack-mount-hydroponics/
309•cdrnsf•14h ago•82 comments

Show HN: Signet – Autonomous wildfire tracking from satellite and weather data

https://signet.watch
86•mapldx•7h ago•25 comments

Show HN: What if your synthesizer was powered by APL (or a dumb K clone)?

https://octetta.github.io/k-synth/
52•octetta•6h ago•27 comments

Grandparents are glued to their phones, families are worried [video]

https://www.bbc.com/reel/video/p0n61dg3/grandparents-are-glued-to-their-phones-families-are-worried
93•tartoran•1h ago•49 comments

LLM Architecture Gallery

https://sebastianraschka.com/llm-architecture-gallery/
6•tzury•3h ago•1 comments

Autoresearch Hub

http://autoresearchhub.com/
3•EvgeniyZh•1d ago•1 comments

Kniterate Notes

https://soup.agnescameron.info//2026/03/07/kniterate-notes.html
41•surprisetalk•5d ago•9 comments

IBM, sonic delay lines, and the history of the 80×24 display (2019)

https://www.righto.com/2019/11/ibm-sonic-delay-lines-and-history-of.html
59•rbanffy•7h ago•13 comments

Bus travel from Lima to Rio de Janeiro

https://kenschutte.com/lima-to-rio-by-bus/
4•ks2048•3d ago•0 comments

$96 3D-printed rocket that recalculates its mid-air trajectory using a $5 sensor

https://github.com/novatic14/MANPADS-System-Launcher-and-Rocket
315•ZacnyLos•8h ago•279 comments

Generating All 32-Bit Primes (Part I)

https://hnlyman.github.io/pages/prime32_I.html
64•hnlyman•7h ago•19 comments

The Webpage Has Instructions. The Agent Has Your Credentials

https://openguard.sh/blog/prompt-injections/
25•everlier•4h ago•10 comments

How kernel anti-cheats work

https://s4dbrd.github.io/posts/how-kernel-anti-cheats-work/
318•davikr•18h ago•273 comments

The 100 hour gap between a vibecoded prototype and a working product

https://kanfa.macbudkowski.com/vibecoding-cryptosaurus
179•kiwieater•6h ago•230 comments

Zipp 2001 Restoration

https://robot-daycare.com/posts/zipp-2001-restoration-part-1/
17•o4c•4d ago•0 comments

A most elegant TCP hole punching algorithm

https://robertsdotpm.github.io/cryptography/tcp_hole_punching.html
188•Uptrenda•15h ago•75 comments

Why Mathematica does not simplify sinh(arccosh(x))

https://www.johndcook.com/blog/2026/03/10/sinh-arccosh/
129•ibobev•4d ago•48 comments

UMD Scientists Create 'Smart Underwear' to Measure Human Flatulence

https://cbmg.umd.edu/news-events/news/brantley-hall-umd-scientists-create-smart-underwear-measure...
65•ohjeez•3h ago•40 comments

Treasure hunter freed from jail after refusing to turn over shipwreck gold

https://www.bbc.com/news/articles/cg4g7kn99q3o
156•tartoran•16h ago•211 comments

Allow me to get to know you, mistakes and all

https://sebi.io/posts/2026-03-14-allow-me-to-get-to-know-you-mistakes-and-all/
275•sebi_io•21h ago•130 comments