"The curse of prompt injection continues to be that we’ve known about the issue for more than two and a half years and we still don’t have convincing mitigations for handling it. (tldr.nettime.org)

submitted 2 months ago by remixtures@tldr.nettime.org to c/cybersecurity@fedia.io

0 comments fedilink hide all child comments

"The curse of prompt injection continues to be that we’ve known about the issue for more than two and a half years and we still don’t have convincing mitigations for handling it.

I’m still excited about tool usage—it’s the next big feature I plan to add to my own LLM project—but I have no idea how to make it universally safe.

If you’re using or building on top of MCP, please think very carefully about these issues:

Clients: consider that malicious instructions may try to trigger unwanted tool calls. Make sure users have the interfaces they need to understand what’s going on—don’t hide horizontal scrollbars for example!

Servers: ask yourself how much damage a malicious instruction could do. Be very careful with things like calls to os.system(). As with clients, make sure your users have a fighting chance of preventing unwanted actions that could cause real harm to them.

Users: be thoughtful about what you install, and watch out for dangerous combinations of tools."

https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/

#AI #GenerativeAI #LLMs #Chatbots #CyberSecurity #MCP #PromptInjection

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here

this post was submitted on 27 May 2025

4 points (100.0% liked)

Cybersecurity

2 readers

8 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io