I am still watching the recordings of talks given at the #39C3 Chaos Communication Congress (see the talks here). Katharina Nocun gave a talk titled Doomsday-Porn, Schäferhunde und die „niedliche Abschiebung“ von nebenan in which she shows a really disturbing trend: AI-generated content is becoming a cornerstone of authoritarian and far-right communication strategies.
(more…)
Tag: GenAI
- The Malicious (Coding) Agent …
I just watched Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents by Johann Rehberger at #39c3. He shows quite impressively what the future threat model looks like as more AI agents are deployed.
In his talk he demos a couple of attacks carried out using agents. I don’t want to summarize the talk here (you might want to read the heise online article instead), but it goes way beyond “simple prompt injection”!
But my biggest “aha” moment was the statement to treat an agent as a Malicious Insider. That is probably the worst scenario you’d want to deal with. Usually you would like to trust your co-workers and not treat them as if they could stab you in the back while smiling at you.
Anyway, I’m pretty sure the technology will evolve in more secure directions. But it will also remain a new attack vector in the future. I’d recommend checking it out!
https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents
PS: I’d embed it here, but that obviously requires some CSS / WordPress theme magic …
Related links:
- 39C3: Power Cycles – media.ccc.de (all videos)
- Reproducible Vibe Coding | It’s all About Context
Actually I wanted to try GitHub Copilot a bit with Agents.md. Yet … I think during the project I totally forgot to test the influence of the Agents file and instead tried “vibe coding” in a reproducible way. I had a very small project in mind that authenticates to Mastodon, fetches some data, saves it into a database and displays some metrics on a web page in basic charts. Nothing overly fancy, but also some stuff that would simply take some time when coding “alone”: a proper OAuth flow, paging through the Mastodon APIs, rate limiting, database writes, a database setup script and cleanup, some JavaScript for the charts, etc.
So I thought it might be nice to try it with GitHub Copilot (GHC). But I’m also a big fan of reproducible results. So, step by step, here is what I did.
(more…)
- How to write great agents.md(s) – A recommendation from GitHub
GitHub’s new guide, How to write a great agents.md: Lessons from over 2,500 repositories, distills what those repositories show about documenting AI agents effectively. It’s not just about clarity but also about making collaboration, reproducibility, and scalability possible.
The guide breaks down how to structure agents.md files for real-world utility. It highlights common mistakes and explains why solid documentation is the backbone of any successful AI project. Whether you’re a developer, DevOps engineer, or just curious about AI tooling, this is a practical roadmap.
For anyone serious about AI development, this is a resource worth keeping: https://github.blog/ai-and-ml/github-copilot/how-to-write-a-great-agents-md-lessons-from-over-2500-repositories/
- The Cost of Going All-In on AI
On Mastodon, I just came across “I Went All-In on AI. The MIT Study Is Right.” by Josh Anderson. He spent three months building a product using only AI-generated code. The result? A working product, but also a dangerous realization: he no longer fully understood his own creation. When a small change was needed, he hesitated.
(more…)
- LLM Update in Production: When Prompts Fail — and What It Means for Your Applications
t3n recently wrote that OpenAI’s GPT 5.1 update might come with a surprise for desktop users: previously reliable prompts no longer behave as expected. While this may be just a minor annoyance in day-to-day chat interactions, think about what it means in production environments.
(more…)
- Mistral 3 Released
Mistral AI has published Mistral 3, the latest version of their open-weight language model. The models are available under the Apache 2.0 license and, according to their benchmarks, outperform DeepSeek’s recent models in several key areas … well, let’s see.
(more…)
- I break things … Google Veo
Recently I had the opportunity to test the new Google AI video generator powered by Veo 3(.1). The demo was truly impressive and scary at the same time! And then we were able to test it ourselves …
(more…)
- o365 “control plane” for AI Agents coming
I just read an article on InfoWorld that Microsoft is rolling out an Agent 365 ‘control plane’ for AI agents. The description sounds quite like what an enterprise needs in terms of compliance and security:
Microsoft said that Agent 365 unlocks five capabilities intended to make enterprise-scale AI possible:
- Registry, to view all agents in an organization, including agents with agent ID, agents registered by the user, and shadow agents.
- Access control, to bring agents under management and limit access only to needed resources.
- Visualization, to explore connections between agents, people, and data, and monitor agent performance.
- Interoperability, by equipping agents with applications and data to simplify human-agent workflows. They would be connected to Work IQ to provide context of work to onboard into business processes.
- Security, to protect agents from threats and vulnerabilities and remediate attacks that target agents.