JCM9 4 days ago

“Agentic” seems to be some quick pivot buzzword that the AI grifters started pushing as soon as generic AI started to show cracks.

“Hey this AI stuff looks a bit overhyped.”

“AI? Oh that’s kids stuff, let me tell you about our agentic features!”

Giving flaky shaky AI the ability to push buttons and do stuff. What could possibly go wrong? Malicious actors will have a field day with this.

jerf 4 days ago

I have definitely found utility in modeling certain words and phrases as having a value for marketers (and by extension, politicians) that acts much like a natural resource that they can "use up". It's a tragedy of the commons situation in which every participant is motivated to use it up as quickly as possible to their advantage because there is no reason for any given participant not to.

Further based on the way some of these things get used I'm pretty certain this modelling is consciously used by some higher-end marketing firms (and politicians), though by its nature it tends to also be copied by other people not in on the original plan simply by them copying what works, which depletes the value of the word or phrase even more quickly, and the fact that this will happen is part of the tragedy of the commons.

I'm sure it's only a matter of time before AIs become part of this push and we'll witness some sort of coordinated campaign where all our AIs simultaneously wake up one day and push us all with the same phrasing to do some particular thing at the behest of marketers or politicians because it works.

JCM9 4 days ago

We’re using big data to fuel our agentic AI on the blockchain to drive synergies with our machine learning powered NFT tokens to amplify network effects of social media backed personalized marketing campaigns.

ryandrake 4 days ago

I'm so tired of hearing it. The new drinking game at the office is to do a shot every time a VP-or-above says "agentic." Is it even a fucking real word or is it just something made up by Silicon Valley smelling its own farts?

cjonas 4 days ago

If you only give the AI the ability to do what the end user can already do, the risk is extremely low. It's essentially no different than building a static web app where the client is connected to an API for all operations. It basically just becomes a new way to interface into an application.

However... That's not how a lot of people are building. Giving an agentic system sensitive information (like passwords, credit cards) and then opening it up to the entire internet as a source for input is asking for your info to be stolen. It'd be like asking your grandma with dementia to manage all your email and online banking.

acdha 4 days ago

> If you only give the AI the ability to do what the end user can already do, the risk is extremely low.

Just because I can send my money to Belize doesn’t mean it’s safe to give an LLM the ability to do the same. Until there’s a huge breakthrough on actual intelligence giving an LLM attacker controlled inputs is an inherently high-risk activity.

cjonas 4 days ago

Ya, I didn't mean in the context of hooking up an LLM to control your browser (which is exactly what the article is about so, fair enough).

My point was:

It's not "insecure" for a bank to release an agentic assistant that can perform any of the operations that you, yourself can perform on their app. That includes "send my money to Belize", because at this point, whatever has taken control of your LLM already has direct authentication to the app itself.

It is of course "insecure" for that same agentic system (that the customer controls the input of) to perform any operations that only a teller or branch manager could. However, I've personally seen requests from a CEO to do exactly this (not a bank, but similar industry).

The problem with an Agentic Browser is you're essentially opening up the "input" to anyone capable of building a website. As I said in my other comment, it feels like there are some simple ways to solve this tho (allowlist / scopes / etc).

cjonas 4 days ago

I'll also add the problem in the article seems pretty solvable by allowing the user to scope the agentic capabilities to specific websites (eg "walmart.com:allow_cc,allow_address").
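As an added illustration of the per-site scope idea in the comment above (example code, not from the thread or any agentic-browser product): a small default-deny policy checker that parses scope lines in the sketched "host:capability,capability" shape and refuses lookalike hosts and non-HTTPS pages. The policy text, the capability names and the `allow_address` spelling are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample policy in the shape sketched in the comment above.
# Anything not listed here is denied.
SAMPLE_POLICY = """
# host:capability,capability
walmart.com:allow_cc,allow_address
mail.example.com:allow_read_mail
"""


def parse_policy(text):
    """Parse 'host:cap1,cap2' lines into {host: {caps}}; skip blanks/comments."""
    policy = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, caps = line.partition(":")
        host = host.strip().lower().rstrip(".")
        if not host or not caps.strip():
            raise ValueError(f"malformed policy line: {line!r}")
        policy.setdefault(host, set()).update(
            c.strip() for c in caps.split(",") if c.strip())
    return policy


def host_matches(allowed, host):
    """True for the exact host or a real subdomain of it. A lookalike such as
    walmart.com.evil.example or evilwalmart.com does not match."""
    return host == allowed or host.endswith("." + allowed)


def is_allowed(policy, page_url, capability):
    """Default deny: the agent may use `capability` on `page_url` only if the
    page is served over https and a matching host grants that capability."""
    parts = urlsplit(page_url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    host = parts.hostname.lower().rstrip(".")
    return any(host_matches(h, host) and capability in caps
               for h, caps in policy.items())


if __name__ == "__main__":
    p = parse_policy(SAMPLE_POLICY)
    for url, cap in [("https://www.walmart.com/checkout", "allow_cc"),
                     ("https://walmart.com.evil.example/", "allow_cc"),
                     ("http://walmart.com/", "allow_cc")]:
        print(url, cap, "->", "allow" if is_allowed(p, url, cap) else "deny")
```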