simonw 9 days ago

Here's my AI misuse tag: https://simonwillison.net/tags/ai-misuse/ - 54 posts

My ongoing coverage of AI ethical issues: https://simonwillison.net/tags/ai-ethics/ - 308 posts

I've been the loudest voice about the fundamental insecurity of LLMs for several years: https://simonwillison.net/tags/prompt-injection/ - 150 posts

In https://simonwillison.net/2025/Aug/25/agentic-browser-securi... I said "I strongly expect that the entire concept of an agentic browser extension is fatally flawed and cannot be built safely."

iLoveOncall 9 days ago | parent | next [-]

Literally none of those articles are criticizing LLMs, only the use made of them by 3rd party actors outside of the providers. It really has nothing to do with LLMs themselves.

The fact that you had to dig to August 2025 to find a single article that's actually a critique of something produced by the AI labs is just further proof.

simonw 9 days ago | parent [-]

The prompt injection stuff is very critical of both the technology and the LLM providers, especially when I call out that their solution is still to say "they're getting better at avoiding the attacks" when my line has consistently been that "99% is a failing grade".

dotproto 8 days ago | parent | prev [-]

As someone involved in the WebExtensions Community Group who has been (slowly) trying to figure out what, if anything, we should do at the platform level around these use cases, I appreciate you raising and repeating this concern. I'd be obliged if you have any other recommended reading around this topic.