
It is concerning, but I am not sure whether it is more concerning than that it's so hard to write a web browser that doesn't execute arbitrary code. Security is like that, and security is especially hard when the system is featureful like web browsers and LLMs.



The issue is that with LLMs it's fundamentally impossible to have a "prepared statement" (the database query concept), whereas a web browser has no problem in principle being a safe sandbox. With LLMs, we have no idea how to make them safe even in principle. This has nothing to do with "security is hard" hand-waving.


I'm excited to share that this is already supported, and I highly recommend leveraging it for safer application deployments. https://platform.openai.com/docs/guides/function-calling
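One defensive pattern that goes with the function-calling approach linked above, as an added example that is neither the commenter's nor the OpenAI API's own code: the model's tool call is treated as untrusted data and checked against a fixed schema and an allow-list before anything is dispatched. The tool names, argument fields and the recipient allow-list are constructed for this example.

```python
import json

# Constructed tool schema for this example (the names and fields are
# assumptions, not the OpenAI API's): each tool lists the argument names
# it accepts and the Python type each must have.
TOOLS = {
    "lookup_order": {"order_id": str},
    "send_summary": {"recipient": str, "text": str},
}
# Constructed allow-list: the only address send_summary may target.
ALLOWED_RECIPIENTS = {"alice@example.com"}


class ToolCallRejected(Exception):
    """Raised when the model's output does not pass validation."""


def validate_tool_call(raw: str) -> tuple[str, dict]:
    """Treat the model's tool-call output as untrusted data, not as code:
    parse it, require a known tool name, require exactly the declared
    argument names with the declared types, then apply per-argument policy.
    Only a call that passes every check reaches the dispatcher."""
    try:
        call = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ToolCallRejected(f"not JSON: {exc}") from None
    name = call.get("name") if isinstance(call, dict) else None
    if name not in TOOLS:
        raise ToolCallRejected(f"unknown tool {name!r}")
    args = call.get("arguments")
    if not isinstance(args, dict):
        raise ToolCallRejected("arguments must be a JSON object")
    spec = TOOLS[name]
    if set(args) != set(spec):
        raise ToolCallRejected(f"expected args {sorted(spec)}, got {sorted(args)}")
    for key, typ in spec.items():
        if not isinstance(args[key], typ):
            raise ToolCallRejected(f"{key} must be {typ.__name__}")
    if name == "send_summary" and args["recipient"] not in ALLOWED_RECIPIENTS:
        raise ToolCallRejected("recipient not on allow-list")
    return name, args


def accepts(raw: str) -> bool:
    """Convenience wrapper: True if the call passes validation."""
    try:
        validate_tool_call(raw)
        return True
    except ToolCallRejected:
        return False
```

A call the model emits for a tool that is not in TOOLS, or one that points send_summary at an unlisted address, is rejected before any code runs; the point is that the boundary is enforced outside the model, since the model itself cannot provide one.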


> hard to write a web browser that doesn't execute arbitrary code

It would be easy if only we could define what “code” and “execute” mean. The problem is, we can’t. Data is code and code is data. Doing things depending on data is fundamentally the same as executing code.



