I am convinced we are on the verge of the first "AI agent worm".
-
@dvshkn @mcc @cwebber So the trick here is if you install OpenClaw in secret on a user's machine who isn't checking carefully, you might hide easily in network traffic. Use of tools like Claude Code would make the same API calls, which is likely for users who would be targeted with these attacks.
The real insane part is if multiple instance of OpenClaw were running on the same machine, so not even the process name looked suspicious. But of course process names are a poor indicator and can be changed.
@mttaggart @dvshkn @mcc @cwebber this does suggest a good defense: block outgoing network traffic to the big inference providers and you're likely to be safe from the less-targeted versions of this.
-
@bsmall2@fedibird.com @aeva@mastodon.gamedev.place @cwebber@social.coop For those who decide to do this, please pay attention to health & sanitation practices.
(Improvising it without care has been a problem in various places & cases.)
-
-
@bsmall2@fedibird.com @aeva@mastodon.gamedev.place @cwebber@social.coop For those who decide to do this, please pay attention to health & sanitation practices.
(Improvising it without care has been a problem in various places & cases.)
-
-
@cwebber According to #Shadowrun the crash virus is still three years away.
https://shadowrun.fandom.com/wiki/Crash_Virus_of_2029
"Fun" fact: In Shadowrun the Crash Virus learned to kill humans who connected their brains to the net. It was the start of lethal internet input.
-
-
@aeva@mastodon.gamedev.place @bsmall2@fedibird.com @cwebber@social.coop From what I understand on an intellectual basis the root of the issue is that they refused to let it compost for long enough in the right conditions for it to fully complete and not have that issue.
It was probably within whatever norms have been established as “safe” but that didn’t exactly make it pleasant for anyone living downwind that particular day.
-
-
@cmthiede @neurobashing @cwebber
Congratulations. You just pre-named it when it happens.
@pseudonym @neurobashing @cwebber sorry for not being more creative, I was fine with fiction staying that way
-
-
@bituur_esztreym @lispi314 @cwebber this town's finished.
-
@bituur_esztreym @lispi314 @cwebber this town's finished.
-
@bituur_esztreym @lispi314 @cwebber it's a reference https://www.youtube.com/watch?v=F9OmTnuLzeQ
-
@cwebber so I'm following this right, it sounds like the project or its maintainers don't even necessarily need to even be using LLM tools, the attack pattern simply targets contributors who are using LLM development tools? and so all that is really needed is for the payload to be subtle and the maintainer to be sufficiently overwhelmed (say, by an endless fire hose of LLM-generated liquid shit slop pull requests)?
-
@bituur_esztreym @lispi314 @cwebber it's a reference https://www.youtube.com/watch?v=F9OmTnuLzeQ
-
@cwebber apropos of nothing, is pottery still a big deal for humans? i was thinking this morning that pottery might be a nice career change for me.
-
@aeva@mastodon.gamedev.place @cwebber@social.coop Not really, it’s been mass-industrialized so at this point outside of Etsy stuff you can largely forget it.
And no one’s going to use very expensive handmade pottery, it’s going to be a display piece.
-
-
