activescott's Notes
Public notes from activescott
Thursday, November 27, 2025
Wednesday, November 26, 2025
Dane Stuckey (OpenAI CISO) on prompt injection risks for ChatGPT Atlas
[2503.18813] Defeating Prompt Injections by Design (CaMeL)
LLM agents are vulnerable to prompt injection attacks when handling untrusted data. In this paper we propose CaMeL, a robust defense that creates a protective system layer around the LLM, securing it even when underlying models are susceptible to attacks. To operate, CaMeL explicitly extracts the control and data flows from the (trusted) query; therefore, the untrusted data retrieved by the LLM can never impact the program flow. To further improve security, CaMeL uses a notion of a capability to prevent the exfiltration of private data over unauthorized data flows by enforcing security policies when tools are called.
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
Visit a Reddit post with Comet and ask it to summarize the thread, and malicious instructions in a post there can trick Comet into accessing web pages in another tab to extract the user's email address, then perform all sorts of actions like triggering an account recovery flow and grabbing the resulting code from a logged in Gmail session.
Piloting Claude for Chrome
Anthropic don't recommend autonomous mode - where the extension can act without human intervention. Their default configuration instead requires users to be much more hands-on:
FBI seeks to interview Sen. Mark Kelly, Democrats Trump accused
Sen. Lisa Murkowski, an Alaska Republican, blasted the Pentagon’s investigation of Kelly and the FBI’s probe of him and other lawmakers.
“Senator Kelly valiantly served our country as an aviator in the U.S. Navy before later completing four space shuttle missions as a NASA astronaut,” Murkowski wrote in a post on X.
“To accuse him and other lawmakers of treason and sedition for rightfully pointing out that servicemembers can refuse illegal orders is reckless and flat-out wrong,” she wrote. “The Department of Defense and FBI surely have more important priorities than this frivolous investigation.”
Google Antigravity Exfiltrates Data
Antigravity is Google’s new agentic code editor. In this article, we demonstrate how an indirect prompt injection can manipulate Gemini to invoke a malicious browser subagent in order to steal credentials and sensitive code from a user’s IDE.
Google’s approach is to include a disclaimer about the existing risks, which we address later in the article.
Ozone layer on track for full recovery after UN treaty "success story"
While the ozone hole varies in size from year to year, the report says this year's monitoring shows "controls on ozone-depleting chemical compounds established by the landmark Montreal Protocol and subsequent amendments are driving the gradual recovery of the ozone layer."
Releases · bingal/FastDomainCheck-MCP-Server
FastDomainCheck MCP Server is a Model Context Protocol (MCP) server implementation that enables secure, two-way connections between AI tools (like Claude) and domain availability data. By following the open MCP standard, it ensures seamless compatibility with various AI-powered applications.
Joint Statement from Lawmakers Slotkin, Kelly, Crow, Deluzio, Goodlander and Houlahan - Senator Elissa Slotkin
WASHINGTON, D.C. – Today, U.S. Senator Elissa Slotkin (D-MI), Senator Mark Kelly (D-AZ) and Representatives Jason Crow (D-CO-06), Chris Deluzio (D-PA-17), Maggie Goodlander (D-NH-02), and Chrissy Houlahan (D-PA-06) released the following joint statement: “We are veterans and national security professionals who love this country and swore an oath to protect and defend the Constitution of the United States. That oath lasts a lifetime, and we intend to keep it. No threat, intimidation, or call for violence will deter us from that sacred obligation. “What’s most telling is that the President considers it punishable by death for us to restate the law. Our servicemembers should know that we have their backs as they fulfill their oath to the Constitution and obligation to follow only lawful orders. It is not only the right thing to do, but also our duty. “But this isn’t about any one of us. This isn’t about politics. This is about who we are as Americans. Every American must unite and condemn the President’s calls for our murder and political violence. This is a time for moral clarity. “In these moments, fear is contagious, but so is courage. We will continue to lead and will not be intimidated. “Don’t Give Up the Ship!”
Monday, November 24, 2025
NENA Knowledge Base
NENA Standards - National Emergency Number Association
Enhanced 911 - Wireless Services | Federal Communications Commission
The FCC has divided its wireless E911 program into two parts - Phase I and Phase II. Under Phase I, the FCC requires carriers, within six months of a valid request by a local Public Safety Answering Point (PSAP), to provide the PSAP with the telephone number of the originator of a wireless 911 call and the location of the cell site or base station transmitting the call.
Under Phase II, the FCC requires wireless carriers, within six months of a valid request by a PSAP, to begin providing information that is more precise to PSAPs, specifically, the latitude and longitude of the caller.
Sunday, November 23, 2025
[1803.10122] World Models
Probably my most enjoyable read of a machine learning-related paper.
Saturday, November 22, 2025
The problem with Trump's tariff promises: not enough money
But Trump has promised debt reduction, deficit reduction, $2,000 dividend checks and farm bailouts with the money, among other things. All of it would cost hundreds of billions of dollars, if not trillions, more in total than is on track to be collected.
Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) | Gainsight Community
Friday, November 21, 2025
Trump plan asks Ukraine to cede Donbas for security guarantees
How did the last security guarantees from the US (to give up nuclear weapons) work out for Ukraine?
The new Trump plan to end the war in Ukraine would grant Russia parts of eastern Ukraine it does not currently control, in exchange for a U.S. security guarantee for Ukraine and Europe against future Russian aggression, a U.S. official with direct knowledge told Axios.
Thursday, November 20, 2025
Ollama
A llama.cpp-based app for running local models.
GPT4All
A great open source alternative that I used for running llms locally without having to use llama.cpp directly.