| ▲ | blcknight 2 hours ago | |
One bad npm package can really ruin your day. These things for me only run in their own VM with it's own GitHub account and basically nothing else | ||
| ▲ | ofjcihen an hour ago | parent [-] | |
People probably think you’re being ridiculous but Shai Hulud had its very first attempt at manipulating AI lead analysis and I know of at least one company where that resulted in them getting pwned. This is only going to become more of a problem in the future and people need to educate themselves on the technical barriers to use because guardrails only sometimes work. | ||