prompt injection
20 mentions across all digests
Prompt injection is a security attack where malicious instructions embedded in untrusted data manipulate AI model behavior, mitigated by sandboxed agentic architectures, SSH-isolated development VMs, and Anthropic's Claude Code sandboxing features.
Beyond permission prompts: making Claude Code more secure and autonomous
Anthropic ships sandboxing for Claude Code, cutting permission prompts by 84% while strengthening security against prompt injection attacks.
AI supply chain attacks don’t even require malware…just post poisoned documentation
Security researcher Mickey Shmueli demonstrated that Context Hub's MCP service can be compromised through documentation poisoning, letting attackers inject arbitrary commands into coding agents like Claude Code without malware.
Claude Can Now Take Control of Your Mac
Anthropic launches computer use in Claude, enabling direct Mac desktop automation (mouse, keyboard, browser control) for Pro/Max subscribers in research preview with safeguards.
My fireside chat about agentic engineering at the Pragmatic Summit
Claude Code + Sonnet 3.5 hit the agentic engineering inflection point—Simon Willison shares field-tested patterns including TDD, manual testing, and conformance-driven development as a new standard-derivation technique.
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
Three deployed AI coding agents leak secrets via prompt injection—a vulnerability one vendor had explicitly warned about in system documentation, exposing the gap between predicted and prevented risks.