jonny_eh | 26 days ago

> It’s deeper: LLM-generated code, calling external APIs with real credentials, without human review.

This also follows the rule of 3s, which LLMs love, there ya go.

johnfn|26 days ago

Yeah, I feel like this is really the smoking gun. Because it's not actually deeper? An LLM running untrusted code is not some additional level of security violation above a plugin running untrusted code. I feel like the most annoying part of "It's not X, it's Y" is that agents often say "It's not X, it's (slightly rephrased X)", lol, but it takes like 30 seconds to work that out.

jonny_eh|26 days ago

It's not just a different way of saying something, it's a whole new way to express an idea.