Comment on Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks
XLE@piefed.social 2 weeks agoAccording to the article, the lack of sandboxing is intentional on Anthropic’s part. Anthropic also fails to realistically communicate how to use their product.
This is Anthropic’s fault.
chisel@piefed.social 2 weeks ago
Oh, for sure, the marketing is terrible and makes this into a bigger issue by making people over confident. I wouldn’t say the lack of sandboxing is a major problem on its own, though. If you want an automated agent that does everything, it’s going to need permissions to do everything. Though they should absolutely have configurable guardrails that are restrictive by default. I doubt they bothered with that.
The idea is sound, but the tech isn’t there yet. The real problem is that the marketing pretends that LLMs are ready for this. Maybe Anthropic shouldn’t have released it at all, but at this point AI companies subsist on releasing half-baked products with thrice-baked promises so at this point I wouldn’t be surprised if OpenAI, in an attempt to remain relevant, tomorrow releases an automated identity theft bot to help you file your taxes incorrectly.