Tag: security
All the articles with the tag "security".
- Ghostty: The 'Harmless' Prompt Injection
  Ghostty has shipped three security advisories in 18 months, each dismissed as requiring 'user interaction.' The pattern reveals something important about how the industry treats terminal injection — and why that framing is increasingly dangerous.
- Hermes Agent and the Search Provider Attack Surface
  Hermes Agent's pluggable search provider architecture creates a layered attack surface most users don't see: prompt injection through search results, credential exfiltration via scheduled jobs, and silent query routing through third-party infrastructure.
- AI Agent Security: The Lethal Trifecta and the Rule of Two
  Two complementary frameworks — Simon Willison's Lethal Trifecta and Meta's Rule of Two — explain why AI coding agents are reliably exploitable when they combine private data access, untrusted input, and external communication.