2025.11.08
I have to confess "your web browser's assistive AI can be instructed to steal your online banking password via prompt injection because it operates with full privileges and treats all text it ingests as equally authoritative sources of user instructions, including the text of web pages it's summarising" is more surprising to me than it should have been. There really is no one involved at any point in the development of these tools who actually understands what they're doing, huh?