So glad the years of hardening of enterprise security are going to be undone by executives reading some bullshit on LinkedIn. Very cool. Pushing the boulder back up the hill for the 157th time is a guarantee of job satisfaction.

https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another

A GitHub Issue Title Compromised 4,000 Developer Machines

A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent. The attack composes well-understood vulnerabilities into something new: one AI tool bootstrapping another.

The compliance checklist crew have spent the last ten years nagging software developers to sign and seal Form B7-C in triplicate providing a detailed explanation as to why exactly they have the temerity to want to have Python installed on their laptop… but no questions at all get raised when senior leaders want to play Russian roulette with the entire tech stack so they can have goddamn Claude answer their emails.

What in the name of fuck is everyone smoking and where can I get some?

The last corporate laptop I used locked down Excel so hard I couldn’t make a pivot table… but about every three hours I got an ad for how Copilot would magically make my life better in unspecifiable ways.

@tommorris Ever has it been thus. I remember the havoc iPhones created between execs and their IT people, causing Apple to focus their second iteration entirely on resolving that specific conflict.

@tommorris ~15 years ago our "leaders" brought in "agile coaches". They insisted we have a team name. I immediately said 'Team Sisyphus'. I think the boulder is getting bigger by the day.