Tag: Agents

  • Are we now coding / writing for other agents?

    I just wanted to tick off another article that I had marked for “read later”. In Claude Code is blowing me away, Nick Hodges writes about his surprise at how well Claude Code wrote a website plus payment connection for him.

    The story itself is impressive, no doubt. But a key sentence (to me) comes later when he writes:

    The lesson here is that much of what we are doing now is not coding for humans—we are now coding for other agents.

    Nick Hodges

    … and, well, I pretty much agree. Whenever I see any LLM-chat system like Perplexity or ChatGPT in my access logs, I see what he means as well. And – I don’t complain about it. This might be confusing, but the Fediverse changed my mind.

    Wait … the Fediverse?

    Yes, the Fediverse!

    I was (and am) happy and proud when people find their way to my website and — hopefully — find something that they find useful! And when I enabled the WordPress Fediverse plugin on my website, I was happy to open the content up to the Fediverse.

    And when I don’t just publish a teaser, the whole post can be read completely in the respective Fediverse client – well, the same holds for RSS, but with the Fediverse it became really apparent to me. And in both scenarios (RSS or Fedi), I don’t get the reader via browser to my website. They might just stay in their RSS reader or Fedi client.

    And now? Agents come along as another “client”?

    Should I care? Well, yes! Maybe I should keep in mind to make the website agent-friendly (just text only, no CSS, …)? As long as my content generates value for a visitor, I might just feel fine. No matter which client is used.

    Of course, this attitude doesn’t hold for anyone who needs to make money from the website visit (like showing ads) or aims for a branding effect! But in my case … I could post my How-Tos also on StackOverflow and don’t get branding effects or credit for it …

    Maybe it’s naive. Maybe not. Maybe it’s just the future. I don’t know. But for this website, I don’t want to care too much.

  • The Malicious (Coding) Agent …

    I just watched Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents from Johann Rehberger on the . He shows quite impressively what the future threat model looks like the more AI agents are deployed.

    In his talk he demos a couple of attacks that were carried out using agents. I don’t want to summarize the talk here (you might want to read the heise online article instead), but it goes way beyond “simple prompt injection”!

    But my most “aha” moment was the statement to treat an agent as a Malicious Insider. Which is probably the worst scenario you want to deal with. Usually you would like to trust your co-workers and not treat them as if they could stab you in the back while smiling at you.

    Anyway, I’m pretty sure the technology will evolve into more secure ways. But it will also remain a new avenue of attack in the future. I’d recommend checking it out!

    https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents

    PS: I’d embed it here, but this obviously requires some CSS / WordPress theme magic …

  • How to write great agents.md(s) – A recommendation from GitHub

    GitHub’s new guide, How to write a great agents.md: Lessons from over 2,500 repositories, pulls lessons from over 2,500 repositories to show how to document AI agents effectively. It’s not just about clarity but also about making collaboration, reproducibility, and scalability possible.

    The guide breaks down how to structure agents.md files for real-world utility. It highlights common mistakes and explains why solid documentation is the backbone of any successful AI project. Whether you’re a developer, DevOps engineer, or just curious about AI tooling, this is a practical roadmap.

    For anyone serious about AI development, this is a resource worth keeping: https://github.blog/ai-and-ml/github-copilot/how-to-write-a-great-agents-md-lessons-from-over-2500-repositories/

  • o365 “control plane” for AI Agents coming

    I just read an article on InfoWorld that Microsoft is rolling out Agent 365, a ‘control plane’ for AI agents. The description sounds quite like what an enterprise needs in terms of compliance and security:

    Microsoft said that Agent 365 unlocks five capabilities intended to make enterprise-scale AI possible:

    • Registry, to view all agents in an organization, including agents with agent ID, agents registered by the user, and shadow agents.
    • Access control, to bring agents under management and limit access only to needed resources.
    • Visualization, to explore connections between agents, people, and data, and monitor agent performance.
    • Interoperability, by equipping agents with applications and data to simplify human-agent workflows. They would be connected to Work IQ to provide context of work to onboard into business processes.
    • Security, to protect agents from threats and vulnerabilities and remediate attacks that target agents.

    Source: Microsoft rolls out Agent 365 ‘control plane’ for AI agents | InfoWorld

  • AI Agents: Loyal Only to the Prompt

    Recently I thought: “If AI scrapers are scraping my website, would a prompt injection work? Just adding invisible prompt commands …?”

    And just today, a colleague sent me this link to an article about prompt injection in GitLab Duo: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft:

    TL;DR: A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses.

    https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

    Well – it shows: dammit! Someone else was faster! :-D

    But besides that: it confirms a paranoid thought that I have been harboring for quite a while. Any output of an AI system must not be trusted blindly.