问HN:如果没有发生提示注入,是否就安全?
由于我使用的是开放式爪子(open claw),我对提示注入(prompt injection)的担忧超过了对糟糕代码的担忧。然而,我觉得我这种想法有些不理性地偏执。我只是个小角色,单独一个人,真正想要攻击我的人需要利用一个价值数百万美元的零日漏洞,而他们并不会选择我作为目标。
如果我们考虑通过终端命令意外删除所有内容的情况,我还没有见到这种情况真正发生过。
从演绎的角度来看,我能想象出开放式爪子的所有最坏情况,但从归纳的角度来看,我从未见过它真正发生。
我觉得假装开放式爪子是一个真正的安全风险有点不理性。
一旦我在黑客新闻(Hacker News)上看到有人遭遇了提示注入,我想我会开始担心。直到那时,我几乎需要像中彩票一样的机会,才能成为第一个通过提示注入被黑客攻击的人。
查看原文
As I use open claw I am concerned about prompt injection more than bad code. However I think I'm irrationally paranoid. I'm small fries I'm a single individual, someone actively trying to hack me is exploiting a multi-million dollar zero day and they're not doing that on me.<p>If we're thinking about accidentally deleting everything through a terminal command, I've yet to see this actually occur.<p>Deductively I can see all of the worst case scenarios with open claw. Inductively I've never seen it actually happen.<p>I find it a bit irrational to pretend that open claw is a genuine security risk.<p>The moment I see on Hacker News that someone got prompt injected, I think I'll be concerned. Until then I would need almost a lottery like chance to get hacked as the first person through prompt injection.