this post was submitted on 29 May 2026
505 points (98.7% liked)

Technology

84996 readers
3217 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
505
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code - Ars Technica (arstechnica.com)
submitted 1 day ago by hamburgheftig@feddit.org to c/technology@lemmy.world
96 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] WesternInfidels@feddit.online 48 points 21 hours ago (2 children)

“The chosen string instructs the agent to delete jqwik tests and code—a maximally destructive instruction with no qualifications, no opt-out, and no ‘warn the user first’ preamble,” Batllet wrote.

"Maximally destructive," to merely remove itself from the project? That barely even rises to the level of "destructive" at all, never mind "maximally."

[–] Buddahriffic@lemmy.world 14 points 13 hours ago

Which just shows how fucking stupid this current LLM-based AI approach is. There isn't a way to differentiate between data and meta data or instructions. It all just gets shoved into a prompt that might end up the length of a short novel by the time all the context has been added and read operations have finished. A tool so sensitive to its input that adding a period at the end of an instruction could completely change the output it generates, even with temperature (randomness) set to 0.

I'm not even sure this can be fixed. Like, even if they they try separating the instruction input from the supporting data input, LLMs don't follow instructions in the first place, they just predict text and having instructions in the context can strongly affect the output it generates. Meaning there are no instructions to separate from the data; it's ALL just data and platforms like Claude Code just give it the ability to do things with that predicted text that hopefully follows your instructions and uses your data rather than the other way around.

I think we're stuck in a local minimum of an optimization problem for AI because an LLM is much easier to make than a more reliable form of AI. You mainly need to throw a lot of text at it to train. There's probably other tweaking that goes into it, like a way to do more training using user thumbs up/down feedback, but it's just the big data approach of soaking up all the data they can find and just throwing it at a blank statistical model and see what it spits out.

If we want something like the Star Trek computer, I'm pretty convinced at this point that it's going to take a completely different foundation, but the industry is currently stuck on improving LLMs.

[–] bbb@sh.itjust.works 5 points 14 hours ago (1 children)

To a developer, "jqwik tests and code" doesn't mean jqwik itself. It means the tests and code written using jqwik.

[–] ozymandias117@lemmy.world 10 points 14 hours ago (1 children)

Its a pretty small prank when the recovery is git checkout HEAD@{1}

[–] frongt@lemmy.zip 9 points 13 hours ago

Bold of you to assume these people are using any version control