Angehefteter Tweet
I've spent every day for the last 14 months building a language for scripting LLMs because I believe we need new primitives to defend against prompt injection.
Here's why:
x.com/sockdrawermone…
Sock@sockdrawermoney
English
Sock
2.7K posts
Sock
@sockdrawermoney
compsci will collapse into two bitter lessons. bitter lesson of security: it’s bitterly hard—forever. cofounded `npm audit`, @code4rena. frontierist. optimist.
Beigetreten Şubat 2021
1K Folgt3.1K Follower
The first thing you want to do with your nice secure agent sandbox is….wire it up to things so it’s no longer a sandbox.
Control ingress/egress and sanitize all you want, the semantic attack remains.
Matthew Green@matthew_d_green
A lot of people think the solution to “private AIs” is to just TEEs. This is already the approach being deployed by Meta, Apple and Google. I think that’s important, but not really a solution. The problem is that for agentic AI, agents need to interact with the real world.
English
@matthew_d_green Agreed. I think we need new primitives.
Then, we need architectures that treat the strategic management of taint as the central engineering task of building agents.
Sock@sockdrawermoney
I've spent every day for the last 14 months building a language for scripting LLMs because I believe we need new primitives to defend against prompt injection. Here's why: x.com/sockdrawermone…
English
A lot of people think the solution to “private AIs” is to just TEEs. This is already the approach being deployed by Meta, Apple and Google. I think that’s important, but not really a solution. The problem is that for agentic AI, agents need to interact with the real world.
English
@lonelysloth_sec I love the leaps made in the last year, but I felt in 2024 like I could do almost anything looping 3.6 at a problem with fresh context windows. so yeah, same page.
English
@sockdrawermoney at this point I think a 1/10 price reduction would do more good than 10x improvement.
English
Frontier LLMs are about 12 orders of magnitude more expensive than the same processing done my a normal deterministic program.
Doesn’t mean you shouldn’t use LLMs.
But please dont use them for repeating 1000x tasks that take two lines of Python.
English
@smoldev__ 100%!
...and Vitalik became obsessed with building decentralized systems because Warcraft nerfed his character!
English
Crazy how many technologies came out of the video game industry (GPU/Jensen Huang) or from people who started as game developers (Hal Finney/Satoshi), but modern gamers are collectively the saltiest FUDders of new technologies like AI and blockchain
English
bad: phishers figured out the best link to bait me into braindead clicking is “unsubscribe”
good: @37signals HEY’s screener means I’m never clicking unsubscribe again.
ty @dhh @jasonfried
now pls add the ability to create pattern-based filters. please please please! 🙏
English
get good at threat modeling
gonna be more important than learning to write code from here on out
Sebastian Banescu@banescusebi
@AdevarLabs I wish I had taken more time to write down threat models and derive a clear audit plan/checklist before jumping into the code. This was back in 2019 when there were far fewer public resources available.
English
Your prompt injection threat model is your social engineering threat model in pure software.
At scale, at speed, no lunch breaks, no bank holidays, with powerfully effective but wholly naive staff on the first day on the job.
It has to be custom-fit to your own risks and goals.
English
@badlogicgames @mitsuhiko It’s beyond gross. I desperately want out of this timeline. A huge portion of my fellow Americans have lost all decency and humanity.
English
Thank you. I’ve asked this in threads multiple times, seen it asked by others even more. @trq212 does not answer.
My guess is they want to keep it a grey area where TOS says “no” but devs doing orchestration is not overtly discouraged yet because they learn from it.
My hope is they just create much higher orchestrator Max tiers (instead of ppl having to account swap) and bless this use case. Used to think that was inevitable but now I’m not so sure.
English
Can I get some questions answered by someone at Anthropic?
1. Can you use an OAuth token generated from a subscription to power the Claude Agent SDK strictly for using Claude Code in a local dev loop?
All I want is a more reliable API for parallelizing multiple Claude Code's.
2. If I build an open source tool that relies on this pattern - i.e. for making parallelization easier - can I distribute it so that other people can use it?
The reason I'm asking is that the legal compliance docs and @trq212's public statements (below) appear to contradict.
x.com/trq212/status/…
English
You can have better odds of securing a standardized widely used protocol than dozens of CLIs with mixed interfaces and provenance.
You already don’t have enough fingers for all the leaks in your dike.
Abandoning a chokepoint in favor of more holes is sillypants.
yenkel@yenkel
English
¿Por qué no los dos?
Erik Dunteman@erikdunteman
Harness inside the sandbox, or outside the sandbox? Why?
Español
@Montyly @VitalikButerin and even if precise code reasoning can be achieved, security will remain a grind forever.
Sock@sockdrawermoney
English
@VitalikButerin AI can speed up invariant dev tasks like harness generation and lead to smart templates, but it won't be a game changer imho.
The core of invariant dev lies on precise code reasoning, where models are still struggling.
But I would be more than happy to be proven wrong
English
One application of AI that I am excited about is AI-assisted formal verification of code and bug finding.
Right now ethereum's biggest technical risk probably is bugs in code, and anything that could significantly change the game on that would be amazing.
English
@lonelysloth_sec @TheBlockChainer Currently betting that in non-staff IT expenditure by 2028 #1 will be inference, #2 will be agent security
English
@TheBlockChainer 29% think they know how to secure them. 0.01% do.
English
Only 29% of organizations say they're ready to secure their AI agent deployments.
Meanwhile, 40% of enterprise apps will have AI agents by end of 2026.
That's a 71% gap between "we're shipping agents" and "we know how to secure them."
As a security founder, this is the biggest opportunity I've seen since DeFi summer 2020. Every company deploying AI agents needs:
→ Threat modeling for agentic workflows
→ MCP server security audits
→ Prompt injection testing
→ Tool-use permission reviews
→ Supply chain analysis for agent dependencies
This is where Web3 security expertise directly translates. We've been auditing trustless systems for years. AI agents are the next trustless system.
Zealynx is building an AI security practice on top of our smart contract audit foundation. If you're deploying agents and haven't thought about security — we should talk.
English
hahahaha
this is my remaining blocker to launching node-rlm in OpenProse Cloud to let you all play with a very cool new kind of computer
I should’ve just remembered you can launch these days without worrying about security
my current the problem: the harness is available to be called be the harness, a clever prompter can get it to exfiltrate the API key. I have a couple of working solutions but neither fully implemented. not a straightforward problem
Yousif Astarabadi@YousifAstar
English
With agents running on a computer, the threat model is different. You have to assume everything in there is toxic. So how do you protect yourself?
- Build a gateway to route all your API calls.
- If you need to leave API keys in your sandbox, they need to be keys to the gateway.
- Prompt injection cannot be solved.
Yousif Astarabadi@YousifAstar
English
@nateparrott And now today Ted is on TV defending his fellow Christian
Aaron Rupar@atrupar
Ted Cruz: "I'll confess -- I have not seen a basis laid out for why the government would be prohibited from using Anthropic. Claude is one of the many AI tools that can be very helpful ... I don't think government should be picking winners and losers"
English
click into the quote tweet please
Ted Cruz@tedcruz
Every Christian should read this. Every non-Christian—especially—really should read this. It’s powerful, insightful & beautiful. 🙏🙏🙏
English
Sock retweetet
When I said we were going all in on the intersection between agentic commerce and Ethereum, I meant it.
The world’s first lunch ordered by an AI and paid for on Ethereum.
Number Group@numbergroupxyz
Today, AI achieved a historic milestone and fed a human. Computer Pizza lets an agent order Domino’s and pay with $USDC on Ethereum. It might sound cheesy but the robots aren’t taking your job yet. They’re making sure you have dinner. Paste the url below to your agent so you can slop an extra-large piece of history today. computerpizza.xyz
English
@deanwball @mattyglesias Ted Cruz is standing up for his fellow Christian!
Ted Cruz@tedcruz
This is extraordinary. And powerful. 🙏
English
I admire Senator Cruz for saying this. Everyone else should too. Make it beneficial to do the right thing!
Aaron Rupar@atrupar
Ted Cruz: "I'll confess -- I have not seen a basis laid out for why the government would be prohibited from using Anthropic. Claude is one of the many AI tools that can be very helpful ... I don't think government should be picking winners and losers"
English
@trq212 @theo yes, this range or more is what my hand-rolled code review orchestrators cost on API
please just make a Claude Code Orchestrator Max subscription with higher limits so we don't have to account-swap to predictably budget token spend (affectionately 'the @Doodlestein Maneuver')
English
Anthropic really needs like 1 normal person to proof these things before posting
Claude@claudeai
Code Review optimizes for depth and may be more expensive than other solutions, like our open source GitHub Action. Reviews generally average $15–25, billed on token usage, and they scale based on PR complexity.
English