A GitHub Issue Title Compromised 4,000 Developer Machines

A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent. The attack composes well-understood vulnerabilities into something new: one AI tool bootstrapping another.

@Migueldeicaza This isn't even funny. I mean it is, but it isn't at all, ya know? What have we done?
Cursor is rolling out a new kind of agentic coding tool | TechCrunch

Called Automations, the new system gives users a way to automatically launch agents within their coding environment, triggered by a new addition to the codebase, a Slack message, or a simple timer.

@Migueldeicaza something something secure by design
@Migueldeicaza can someone pls explain for non techies like me?
@hagbard AI systems are being rolled out without much care, with catastrophic consequences.
@Migueldeicaza I'm gonna be saying "AI means read == execute" every day until an early grave, aren't I?

@slightlyoff @Migueldeicaza

That's a nice and easy way to sum up my issues with AI

@retrimental decades of chip, compiler and operating systems designers working more or less carefully on separating code and data in Von Neumann architecture computers.

Enter "AI": ahh, hell!

@slightlyoff @Migueldeicaza

@retrimental worst of it is dropping much more precise computing in favor of 8-bit floating point operations over huge matrices for inference, then calling it artificial intelligence. Yeah, doing flashy Budenzauber gets a lot of people to buy your knick-knack.

@slightlyoff @Migueldeicaza

@Migueldeicaza
"Why existing controls did not catch it

npm audit: The postinstall script installs a legitimate, non-malicious package (OpenClaw). There is no malware to detect."

My POV is that OpenClaw is one of the most malicious programs ever distributed. Baffling that people deliberately install it!

Migrate from GitHub | GitLab Docs

Migrate from GitHub to GitLab.
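One defender-side check prompted by the passage quoted above (an install hook that pulls in a legitimate package, so there is no malware for npm audit to find): a scanner that walks installed package manifests and flags lifecycle scripts which chain into another installer. This is an added example, not code from the thread or from the article it quotes; the manifests and package names in it are constructed.

```python
"""Flag npm lifecycle scripts that install further software during install."""
import json
import re
from pathlib import Path
from typing import Optional

# Hooks npm runs automatically when a dependency is installed.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")

# Command fragments that fetch or install additional software at install time.
INSTALLER_PATTERNS = [
    r"\bnpm\s+(?:i|install|exec)\b",
    r"\bnpx\b",
    r"\byarn\s+(?:add|dlx)\b",
    r"\bpnpm\s+(?:add|install|dlx)\b",
    r"\bpip3?\s+install\b",
    r"\b(?:curl|wget)\b.*\|\s*(?:ba)?sh\b",  # fetch-and-pipe-to-shell
]
INSTALLER_RE = re.compile("|".join(INSTALLER_PATTERNS))


def classify_script(command: str) -> Optional[str]:
    """Return the installer fragment found in a script command, or None."""
    m = INSTALLER_RE.search(command)
    return m.group(0) if m else None


def scan_manifest(manifest: dict) -> list:
    """One finding per lifecycle hook whose command chains into an installer."""
    findings = []
    name = manifest.get("name", "<unnamed>")
    for hook in LIFECYCLE:
        cmd = manifest.get("scripts", {}).get(hook)
        hit = classify_script(cmd) if cmd else None
        if hit:
            findings.append({"package": name, "hook": hook, "command": cmd, "matched": hit})
    return findings


def scan_tree(root: Path) -> list:
    """Scan every package.json below root (for example a project's node_modules)."""
    findings = []
    for pj in sorted(root.rglob("package.json")):
        try:
            findings.extend(scan_manifest(json.loads(pj.read_text())))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the scan
    return findings


# Constructed sample: a clean package next to one whose postinstall installs another tool.
DEMO_MANIFESTS = [
    {"name": "clean-lib", "scripts": {"postinstall": "node scripts/build.js", "test": "jest"}},
    {"name": "helper-lib", "scripts": {"postinstall": "npm install -g some-agent-tool"}},
]
```

Run `scan_manifest` over each entry of `DEMO_MANIFESTS` to see the second one flagged; `scan_tree(Path("node_modules"))` applies the same check to a real install.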

@Migueldeicaza @slightlyoff Decades of “never trust user input” thrown out the window for AI…
@Migueldeicaza "prompt injection" is something I was not ready to process...
@Migueldeicaza almost like allowing anyone with a pulse to be in charge of software or touch a computer was not a good idea?
@Migueldeicaza
Why are we doing this to ourselves?!?!
@Migueldeicaza is this why none of my actions were deploying today?!
@Migueldeicaza What makes you think so? Only if you run a browser agent with system-level access? You gotta be pretty dumb & AI-pilled to do that. 🤔
@Migueldeicaza Tip of the iceberg. Not even the tip. A flaking off of one edge.
@Migueldeicaza Atm I can see some requests on /mcp and /sse HTTP paths here in my logs. Does this have something to do with this issue?