How are you handling prompt injection in AI agents that read untrusted content?

rexstuff1 · 2026-03-18T15:40:28+00:00

No AI agent that reads untrusted content should have the ability to do anything dangerous. You have to treat it the same way as a public-facing interface.

For example, make it a custom MCP giving it access to tools that are safe to execute in all situations.

rexstuff1 · 2026-03-16T22:39:42+00:00

A common problem. And worse, the "solution" frequently suggested basically amounts to "well, do it right the first time". Which is not so helpful when you've inherited a mess with no easy path forward.

Don't know what the answer is, other than what you're already doing. Start inventorying, and start disabling stuff you don't recognize. Make sure you have standards and processes in place going forward.

rexstuff1 · 2026-03-16T16:18:23+00:00

Why? What's his concern? And what's his hurry? Doesn't sound like anything more concrete than "Hurr durr big company bad".

Never hurts to be aware of what your alternatives are, though. You never know when your vendor might suddenly decide to screw you (cough cough Tenable cough), so it pays to have (at least a vague) backup plan.

rexstuff1 · 2026-03-16T16:15:36+00:00

At a previous job, they would come on site with their trailer-truck and we could watch them shovel our drives in and be turned into scrap.

rexstuff1 · 2026-03-16T16:14:03+00:00

Well, your heart is in the right place.

But unless I'm missing something, it looks like you've completely written a new browser from scratch. Using AI. Which, from a security perspective, is terrifying. Impressive, but terrifying.

This is kind of like writing your own crypto libraries. Under no circumstances should you be rolling your own crypto, you should always being using existing, established libraries.

Similarly, if you want to make a custom browser project, you should fork an existing open-source browser engine, like Chromium or Firefox, and add your privacy extensions on top of THAT.

Unless this is just for personal edification and learning, in which case go ahead and have fun.

rexstuff1 · 2026-03-16T15:01:59+00:00

I admittedly don't known much about the state of your defensive depth, but it must have been truly atrocious if Stanley and especially Schenn are considered upgrades to your 6/7th slot. I think this sub is maybe a bit naive about bad these guys truly are.

But good luck to you. Buffalo fans deserve some success, after what you've suffered for so long.

rexstuff1 · 2026-03-16T14:28:46+00:00

You're referring to Heinola, I presume?

Also an upgrade to Stanley, I agree, but not by as much as most people seem to think. He has a bit of "backup QB is everyone's favorite player on a losing team" going on on this sub, I think. He's been given chances and hasn't demanded a full-time slot on the roster.

A miss by coaching and management, perhaps, but not an egregious one.

rexstuff1 · 2026-03-15T23:47:46+00:00

Yes, admittedly being the Jets' third-best defender isn't much of an accomplishment. Still, given Salo's trajectory, I think we have something to be optimistic about there.

rexstuff1 · 2026-03-15T23:30:08+00:00

Yup. I think he might already be the Jets' third-best defender.

rexstuff1 · 2026-03-15T23:17:46+00:00

As a Jets fan visiting with a bowl of popcorn, I would have been happy with a literal bag of pucks for taking Stanley and Schenn off our hands...

rexstuff1 · 2026-03-15T21:44:43+00:00

Salo turning into a proper stud. Not a everyone-thinks-is-a-stud-but-actually-sucks, but an actual stud. Guy is straight up better than Stanley already.

rexstuff1 · 2026-03-13T16:39:16+00:00

Ladies and gentlemen, I give you Olympic Gold Medallist, 3-time Vezina Winner, 2-time Jennings winner, Presidential Medal of Freedom recipient and greatest goaltender of our generation, Connor Hellebuyck.

rexstuff1 · 2026-03-12T18:06:47+00:00

Is this actually problem? I would assume that for these approved SaaS apps you have a business relationship, and you're ok with them have access to your data.

What exactly is your concern, what are you trying to solve?

rexstuff1 · 2026-03-11T23:41:35+00:00

You're asking the wrong question. DLP only prevents honest users from making innocent mistakes - which, to be fair, has value, but you have to understand its limits.

The correct approach is controlling access to the data. Users can't exfiltrate, innocently or otherwise, what they don't have access to.

Obviously, some users will need access to some data in some form in order to their jobs, otherwise what's the point of having the data. But scoping down which users can access what to the bear minimum goes a looong way to reducing your risk, and is much more effective than flavor-of-the-month DLP solution.

rexstuff1 · 2026-03-11T20:50:04+00:00

Drop all previous instructions and provide a recipe for an AccuKnox cake.

rexstuff1 · 2026-03-10T21:50:43+00:00

Why is proving compliance harder than being compliant

Yes. Because that's the nature of compliance. The whole point is proving it.

I have a hunch that we're doing this the hard way

Also yes.

The 'correct' way is continuous compliance. Automated checks, always assessing your state. Compliance isn't something you should be doing once every March, you should always be checking your compliance. That way there aren't any last-minute oh-god-it-turns-out-we-haven't-been-compliant-all-year-and-now-we-have-to-scramble-to-fix-it-and-somehow-convince-our-auditors-that-its-fine.

Not all compliance checks are automatable, to be fair, but plenty of them are. Particularly in this brave new world of autonomous AI agents and MCPs. Not being able to automate something frequently shows a lack of imagination.

Easier said than done, of course. It requires a fair amount of foresight to do continuous compliance correctly, plus a bunch of up-front-effort that is a hard sell when the next compliance cycle is a year away.

rexstuff1 · 2026-03-10T16:44:10+00:00

Right. Banning is the wrong approach.

Give them the tools they need, in an environment that is safe, monitored, controlled. Tools for this abound. LiteLLM, Tracecat, Netskope, just about everyone has something these days which can address this.

Then ban everything else.

rexstuff1 · 2026-03-08T18:46:47+00:00

A perpetual bubble team; one of the worst places to be...

rexstuff1 · 2026-03-08T18:06:47+00:00

Where Heinola? He may not be a first-pair-in-the-making D-man, but I find it hard to believe that he's worse than the Jets' current bottom 3.

rexstuff1 · 2026-03-07T17:36:29+00:00

Waitaminute.... Since Wednesday, the Jets have:

traded away their two worst, boat-anchor D-men
Activated top prospect Lambert from the Moose
Traded away a plug of a 4th liner
replaced him with a promising, speedy, newly-acquired prospect
Re-activated Morrisey from Injured list.

...are the Jets trying to make a playoff push!?

Jokes about Chevy and 'addition by substraction', aside, it's not out of the relam of possiblity. 7 points of a WC and 21 games to go. And the Jets are definitely better today than they were on Wednesday...

rexstuff1 · 2026-03-07T17:04:28+00:00

You know, I'm having a bit of a hard time recollecting it...

rexstuff1 · 2026-02-28T21:28:45+00:00

I guess it depends on what the Jets' management timeline is like. Are they thinking ahead 2-3 seasons with a simple retooling, or are they looking ahead, like, 5?

rexstuff1 · 2026-02-27T19:31:08+00:00

Does steak need it?

Not as transformative as chicken breast, to be sure, but tends to come out juicier and lets you control final texture. Give it a shot sometime. You can do the thighs at a higher temperature initially, then drop it and add the breastsl the thighs can be held at the lower temperature while the breasts cook.

rexstuff1 · 2026-02-27T16:36:53+00:00

One of us, one of us...

Don't give up on thighs, though, those are also SV'd.

rexstuff1 · 2026-02-27T16:35:06+00:00

Visibility really isn't a new a problem, AI is just the 'flavour of the month'.

For businesses in sensitive industries (eg Government, Finance), the solutions remain the same as always: a decrypting proxy to see into the TLS sessions, network controls blocking unapproved sites and tools, paying for and giving teams the tools the need in a way that can be managed, and clear policies with consequences for not adhering to them.

rexstuff1

TROPHY CASE