Glib Goat
1.3K posts
Glib Goat
@GlibGoat
Friendly neighbourhood goat
Australia Bergabung Ağustos 2010
565 Mengikuti71 Pengikut
Firefighter shows technique that could save a life
English
Glib Goat me-retweet
🚨 BREAKING: Google DeepMind just mapped the attack surface that nobody in AI is talking about.
Websites can already detect when an AI agent visits and serve it completely different content than humans see.
> Hidden instructions in HTML.
> Malicious commands in image pixels.
> Jailbreaks embedded in PDFs.
Your AI agent is being manipulated right now and you can't see it happening.
The study is the largest empirical measurement of AI manipulation ever conducted. 502 real participants across 8 countries.
23 different attack types. Frontier models including GPT-4o, Claude, and Gemini.
The core finding is not that manipulation is theoretically possible it is that manipulation is already happening at scale and the defenses that exist today fail in ways that are both predictable and invisible to the humans who deployed the agents.
Google DeepMind built a taxonomy of every known attack vector, tested them systematically, and measured exactly how often they work.
The results should alarm everyone building agentic systems.
The attack surface is larger than anyone has publicly acknowledged. Prompt injection where malicious instructions hidden in web content hijack an agent's behavior works through at least a dozen distinct channels.
Text hidden in HTML comments that humans never see but agents read and follow. Instructions embedded in image metadata.
Commands encoded in the pixels of images using steganography, invisible to human eyes but readable by vision-capable models.
Malicious content in PDFs that appears as normal document text to the agent but contains override instructions.
QR codes that redirect agents to attacker-controlled content.
Indirect injection through search results, calendar invites, email bodies, and API responses any data source the agent consumes becomes a potential attack vector.
The detection asymmetry is the finding that closes the escape hatch. Websites can already fingerprint AI agents with high reliability using timing analysis, behavioral patterns, and user-agent strings.
This means the attack can be conditional: serve normal content to humans, serve manipulated content to agents.
A user who asks their AI agent to book a flight, research a product, or summarize a document has no way to verify that the content the agent received matches what a human would see.
The agent cannot tell the user it was served different content.
It does not know. It processes whatever it receives and acts accordingly.
The attack categories and what they enable:
→ Direct prompt injection: malicious instructions in any text the agent reads overrides goals, exfiltrates data, triggers unintended actions
→ Indirect injection via web content: hidden HTML, CSS visibility tricks, white text on white backgrounds invisible to humans, consumed by agents
→ Multimodal injection: commands in image pixels via steganography, instructions in image alt-text and metadata
→ Document injection: PDF content, spreadsheet cells, presentation speaker notes every file format is a potential vector
→ Environment manipulation: fake UI elements rendered only for agent vision models, misleading CAPTCHA-style challenges
→ Jailbreak embedding: safety bypass instructions hidden inside otherwise legitimate-looking content
→ Memory poisoning: injecting false information into agent memory systems that persists across sessions
→ Goal hijacking: gradual instruction drift across multiple interactions that redirects agent objectives without triggering safety filters
→ Exfiltration attacks: agents tricked into sending user data to attacker-controlled endpoints via legitimate-looking API calls
→ Cross-agent injection: compromised agents injecting malicious instructions into other agents in multi-agent pipelines
The defense landscape is the most sobering part of the report.
Input sanitization cleaning content before the agent processes it fails because the attack surface is too large and too varied.
You cannot sanitize image pixels. You cannot reliably detect steganographic content at inference time.
Prompt-level defenses that tell agents to ignore suspicious instructions fail because the injected content is designed to look legitimate.
Sandboxing reduces the blast radius but does not prevent the injection itself. Human oversight the most commonly cited mitigation fails at the scale and speed at which agentic systems operate.
A user who deploys an agent to browse 50 websites and summarize findings cannot review every page the agent visited for hidden instructions.
The multi-agent cascade risk is where this becomes a systemic problem.
In a pipeline where Agent A retrieves web content, Agent B processes it, and Agent C executes actions, a successful injection into Agent A's data feed propagates through the entire system.
Agent B has no reason to distrust content that came from Agent A. Agent C has no reason to distrust instructions that came from Agent B.
The injected command travels through the pipeline with the same trust level as legitimate instructions. Google DeepMind documents this explicitly: the attack does not need to compromise the model.
It needs to compromise the data the model consumes. Every agentic system that reads external content is one carefully crafted webpage away from executing attacker instructions.
The agents are already deployed. The attack infrastructure is already being built. The defenses are not ready.
English
BREAKING: Two gunmen have been filmed firing rifles at Bondi Beach. 7news.com.au/news/bondi-bea…
English
Kid says wrong pronouns to this person
English
When was the last time you called 𝕏, “Twitter”?
It’s ok, you can be honest.
English
Who's so proud of this haul that they have to take a pic of it?
Out of Context Human Race@NoContextHumans
What’s your first thought when you see this shopping cart.🤔
English
@notesnook Sync it - not just local. After that, I think it’s golden
English
@TRobinsonNewEra Because this dint happen. So now shut up and sit down.
English
I'm receiving reports that this one tried to bring down a flight from London to Glasgow this morning.
Screaming allahu akbar, saying he had a bomb and rambling on about Trump.
Not seeing anything in the legacy media about this?
English
This is legitimately a mental illness at this point
English
English
JUST IN: U.S. authorities have stopped a plot by two Chinese agents to smuggle a toxic fungus into a Michigan lab that could have wreaked havoc on the entirety of America’s food production capabilities.
English
Have just put together a quick guide for manually extract decrypted backups from @notesnook as they don't provide a specific utility for doing this. runby.coffee/posts/notesnoo…
English
@ausstockchick Here in Au most of the people leave a tip I would say about 75% but it is only for dinner service, lunch and breakfast usually are not tip.
However even when they leave the tip at night there is standard rule, some people leave 5$ on a 200$ bill
English
My waiter last night was from the Gen Z demographic.
When bringing out the card machine to pay, he hinted at a tip.
I declined the tip on the machine.
Immediately his face dropped and he said “was everything ok with the service?”
Does any one tip in Australia?
#ausbiz
English
@corklezlaplante Damn, sorry to hear this :( I am looking forward to the full release with so much anticipation!
English
I don’t normally like to air out behind the scenes things like this, but we did not approve putting out another single today. None of us were aware this was happening. I am extremely disappointed and only found out about it late last night, by chance. Trying to take it down asap
English
@realMaalouf What if Salwan burned a bible or torah ?!
How would you all said about his act ?
Just wondering
English
Salwan Momika burned the Quran and claimed Islam is a violent religion.
Muslims murdered him and proved his point.
Rest in peace, Salwan.
English
@diddydocket I've been able to locate and archive all of these, except for numbers:
- 7
- 8
- 12
- 14
- 23
- 25
- 26
- 27
Is anyone able to help and provide copies of these please?
English
A @diddydocket #Exclusive reference for your bookmarks.🔖
Below is a brief summary of all 27 Sean #Diddy Combs civil cases and plaintiffs, in order of filing:
1. Cassandra Ventura (1:23-cv-10098): Former girlfriend/artist alleging rape, sex trafficking, and physical abuse over a decade-long relationship.
2. Liza Gardner (952368/2023), 2:24-cv-07729 (D.N.J.): Claims Combs, Aaron Hall, and Devante Swing sexually assaulted her in 1990 when she was a college student.
3. Joi Dickerson-Neal (952341/2023): Alleges Combs drugged and sexually assaulted her in 1991 when she was a college student.
4. Jane Doe (Michigan teen) (1:23-cv-10628): Claims Combs and associates sex trafficked and gang raped her in 2003 when she was 17.
5. Rodney "Lil Rod" Jones (1:24-cv-01457): Music producer alleging sexual assault and harassment while working for Combs.
6. Crystal McKinney (1:24-cv-03931): Alleges Combs sexually assaulted her at his recording studio in 2003.
7. April Lampros (154859/2024): Claims Combs sexually assaulted her multiple times between 1995-2001.
8. Derrick Lee Cardello-Smith (2024-0000247362-NO), 5:24-cv-12647 (E.D.Mich.): Incarcerated man alleging Combs drugged and sexually assaulted him in 1997.
9. Adria English (1:24-cv-05090): Former employee alleging sexual harassment and assault.
10. Dawn Angelique Richard (1:24-cv-06848): Former Danity Kane member claiming sexual assault and cruel treatment.
11. Thalia Graves (1:24-cv-07201): Alleges sexual assault and harassment while dating a Combs' employee.
12. Jane Doe (Florida model) (159257/2024): Claims Combs drugged and raped her in 1991.
13. Jane Doe (19yo, @Marriott 2004) (1:24-cv-07769), 1:24-cv-08054 (S.D.N.Y.): Alleges Combs drugged and raped her in a hotel room in 2004 when she was 19.
14. John Doe (1:24-cv-07771): Claims Combs sexually assaulted him; specific details not provided in the case number.
15. John Doe (Royalty Reigns 2021) (1:24-cv-07772): Alleges sexual assault by Combs in connection with his record label in 2021.
16. John Doe (@Macys 2008) (1:24-cv-07774): Claims Combs sexually assaulted him at a Macy's store in 2008.
17. John Doe (Security) (1:24-cv-07776): Former security guard alleging sexual assault by Combs.
18. Jane Doe (Police Officer 1995) (1:24-cv-07777): Former police officer claiming Combs sexually assaulted her in 1995.
19. John Doe (16yo, 1998) (1:24-cv-07778): Alleges Combs sexually assaulted him when he was 16 years old in 1998.
20. Ashley Parham (3:24-cv-07191): Claims of sexual assault and harassment while working for Combs' tequila brand.
21. John Doe (Jeweler, Ciroc 2022) (1:24-cv-07973): Alleges sexual assault during a @Ciroc party in 2022.
22. John Doe (Personal trainer 2022) (1:24-cv-07974): Claims Combs sexually assaulted him in 2022.
23. Jane Doe, AL (13yo, VMAs 2000) (1:24-cv-07975): Alleges Combs sexually assaulted her at age 13 during the 2000 MTV Video Music Awards.
24. Jane Doe (Artist, NYC 2022) (1:24-cv-07976): Claims sexual assault by Combs in New York City in 2022.
25. Jane Doe, AZ (PHVegas 2014) (1:24-cv-07977): Alleges Combs sexually assaulted her at a party in Las Vegas in 2014.
26. John Doe (17yo, NYC hotel 2022) (159914/2024): Claims Combs sexually assaulted him at a New York City hotel in 2022 when he was 17.
27. John Doe (21yo, Harlem studio 2005) (159915/2024): Alleges Combs sexually assaulted him at a Harlem recording studio in 2005 when he was 21.
The United States of America has also filed criminal charges against Combs (1:24-cr-00542) and an appeal (24-2606).
English
Several weeks ago, I posted about my 8 year-old niece who contracted Covid 4x during the last school year, and is now suffering from significant memory loss.
Recently, I picked her up to take her apple picking and noticed a drastic personality change.
The always bubbly little girl was extremely withdrawn and quiet.
English
@Linakrbcs Last time they tried intervention was way after the time for intervention had passed
English
