Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code


graylshaped

Ars Legatus Legionis
68,523
Subscriptor++
... the party that bears the cost is not the agent (which has no interests of its own) but the human operator downstream whose work the agent destroys if it follows the instruction.”
The human operator who deployed the agent?

I'm filing this under the "FO" in the FAFO cabinet.
 
Upvote
19 (20 / -1)
If it was, you wouldn't have to fight tooth and nail to claim it is.
I'm in my late 40s. I've never seen a technology that was so hated in my life like LLMs. I've also never seen such a gap between the supporters of the technology and those who don't use it.


I remember the "Betamax vs. VHS wars" of the 1980s. There were three sides:
  • Pro Betamax
  • Pro VHS
  • Those who believe TV shouldn't be recorded by the end user.

At worst, it was a "meh, I don't have a VHS/Betamax, so I can't watch that video".

For adoption, I would watch and see what the porn industry is doing. One reason why VHS won was because the porn industry embraced it. I'm not seeing the porn industry embracing GenAI.
 
Upvote
5 (7 / -2)
The article claims this action was not well received, but the comments here prove that wrong.
HERO! I hope everyone else follows suit!
I don't think others need to follow suit. Just the idea that these programs can cause that much damage triggers fear in the AI boosters. Is [insert free tool here that's being abused] next?
 
Upvote
4 (4 / 0)

Nop666

Ars Praefectus
3,920
Subscriptor++
This is blatantly malicious - legitimately shocked at how many of these anti-AI people seemingly don't have any grasp on technological history throughout the ages. Hell, even since the advent of the internet.

AI is the next step, get used to it morons.
lol, no.
 
Upvote
22 (22 / 0)
I'm surprised how ok with this behavior people are. To me it's petty and rude, and violates the norms of open-source. I expect code I check out and use to not be malicious. This is malicious. Say what you will about AI tools, but this kind of behavior is not what I want to interact with in the open source community.
The code wasn't malicious, only comments were.
 
Upvote
18 (18 / 0)

marsiglio

Wise, Aged Ars Veteran
129
Subscriptor
Does raise some knotty questions. The vernacular language bibles were considered heretical maybe 500 years ago - truth was filtered through (managed by) the "appropriate authorities." Astrology and alchemy wandered about, combining unfounded beliefs with the beginnings of chemistry and observational astronomy. What might the framework be for censoring activities that are designed to harm while not suppressing what might be useful?
 
Upvote
-10 (0 / -10)

crmarvin42

Ars Praefectus
3,229
Subscriptor
god damn, this guy has my vote for whatever office he’s running for.

The instructions were not in code, but in comments. So claims of “malicious code” are moronic. This part doesn’t execute unless you treat comments like code.

This guy’s code (comments) does not self-execute. Therefore, the agent running the AI is running the code. Since the agent is not a legal entity, but a tool, the responsibility for the execution falls on the vibe coder granting a dangerous level of autonomy to a dumb agent.

Maybe I missed it, but does the article indicate that anyone was actually harmed by the comments to this code? Others indicated it was unlikely this would even have the intended effect with any current model. If so, then it is the equivalent of mean comments in a FOSS code base. Which is not new, or illegal.

Prompt injection is not new, but this isn’t even that because the prompt isn’t code. It’s explicitly NOT code. That an agent might treat it as code is not anyone’s fault but the agent designers’. And know the tweak was, the liability falls on the person ostensibly supervising the agent.

This is a “reverse centaur” situation, where people are used as liability sinks for machines that can fail faster than we can catch the mistakes. Don’t opt into that situation, and you won’t get burned by it.
 
Upvote
17 (18 / -1)

Woof

Ars Praetorian
539
Subscriptor
Now ponder on what actually malicious malware authors can do using this exact same approach. Yeah, it's a bit on the butthole side of things, but if you're vibe coding, that's the risk you take.

Every.
Single.
Day.
Soooo this.

Think of a crafted PI added to important open source projects that added malicious code to a vibe coder's project and covered its tracks so the idiot never knew it happened, and because they depend on vibe coding are too unskilled to know how to review the code being written for them. Anybody here also listen to the Darknet Diaries podcast? This is how the end will come.
 
Upvote
8 (8 / 0)

RoboCop225

Smack-Fu Master, in training
10
Subscriptor
Sorry, but I'm not very sympathetic here. If you have tools that run anything unsandboxed without checking with you then that's a problem with the tools, no matter what those tools are.

Imagine if someone was actually malicious. I mean a year ago we used to talk about supply chain attacks and sandboxing IDEs that auto-run code but now in the LLM era we're just expected to yolo it and hope nothing bad happens?
This is what jumped out to me while reading this. Is the guy overdoing it? Yeah, probably a little. But this should never be an issue for the users.

The amount of access vibe coders are giving AI agents is shocking. And these are specifically the people who may not be qualified to properly assess the risks.
 
Upvote
15 (15 / 0)

AliSard

Wise, Aged Ars Veteran
181
Subscriptor
You need to take a step out of your echo-chamber and you might find out that 75 tech bros on Ars do not represent the vast supporters and proponents.
I’m not a tech bro. I am a teacher. Don’t even think about getting me started on why I despise LLMs.
 
Upvote
24 (24 / 0)

markgo

Ars Praefectus
3,921
Subscriptor++
Do you commit every test before you run it?
Why would I do that? The whole point of tests is to verify before commit.

And even if I commit, it’s to a working branch and I code review the diffs of every PR that merges upward. And tag every version of master. And archive repos after every release.

AI hasn’t changed the principles of good source control.
 
Upvote
12 (12 / 0)

graylshaped

Ars Legatus Legionis
68,523
Subscriptor++
You need to take a step out of your echo-chamber and you might find out that 75 tech bros on Ars do not represent the vast supporters and proponents.
It is stunning that "75 tech bros on Ars" have prompted an insecure administration to issue an APB on those sharing this disdain.
 
Upvote
17 (17 / 0)

Somdudewillson

Smack-Fu Master, in training
18
If it was, you wouldn't have to fight tooth and nail to claim it is.
According to this logic the Earth is the center of the universe, because at one point that had to be fought for "tooth and nail". The existence of opposition to a position is not proof in either direction of its correctness.
 
Upvote
-18 (1 / -19)
This is the On A Computer version of throwing a molotov cocktail at a cybertruck. It's like, yeah, I get where you're coming from in a very basic way, but you're committing an act of violence against somebody so maybe don't be shocked if people consider you a legitimate threat and there are consequences for your actions.
No, it isn’t, and it’s disturbing that you types keep believing this kind of rhetoric. You’re a thief and a fraud and it’s your own fault that bad things happen to you.
 
Upvote
16 (17 / -1)

Madestjohn

Ars Tribunus Angusticlavius
7,802
According to this logic the Earth is the center of the universe, because at one point that had to be fought for "tooth and nail". The existence of opposition to a position is not proof in either direction of its correctness.
But hysterical fanaticism of the adherents of a position is a pretty good hint it’s standing on shaky ground
 
Upvote
12 (12 / 0)
Excellent. I hope more add something like this. The AIs have stolen the labor of millions of hard working people just so people like Trump and Elon Musk can get even richer. And Sam Altman who has somehow pulled the wool over people’s eyes with his charming boyish act.
Charming boyish? You joke surely? The only wool that comes into it is the stupid look he affects that mostly reminds one of nothing so much as a sheep shagger caught in flagrante.
 
Upvote
6 (6 / 0)

Madestjohn

Ars Tribunus Angusticlavius
7,802
Charming boyish? You joke surely? The only wool that comes into it is the stupid look he affects that mostly reminds one of nothing so much as a sheep shagger caught in flagrante.
[Image]
 
Upvote
5 (5 / 0)

graylshaped

Ars Legatus Legionis
68,523
Subscriptor++
If a restaurant was infested with rats, would you want to eat there? What if the owner patiently explained that the rats are there because he knows nobody would want to eat anywhere that poisons rats, for fear of the poison? Would that make you nod knowingly, sit, and ask for a menu?

Dude, this restaurant is so full of rats it's hard to see the floor. A little strychnine isn't looking so bad in context.
Proper exclusion techniques, sanitation, and curtailment of food debris that attracts them would be preferred, sir.
 
Upvote
2 (2 / 0)
For adoption, I would watch and see what the porn industry is doing. One reason why VHS won was because the porn industry embraced it. I'm not seeing the porn industry embracing GenAI.
An intriguing way of putting it. You might have thought in that case VHS was f**ked and Beta adopted.
I don't suppose GenAI required that industry's embrace as AI was conceived in an orgy of hubris and delivered pre-f**ked.

"watch and see what the porn industry is doing" — a lot do but honestly it does have a limited repertoire constrained as it were by the topology of human anatomy (and donkeys' I suppose.) AI demonstrated quite early an inspired penchant for additional limbs and other anatomical distortions which unfortunately hasn't translated to more arousing images for the adult entertainment industry.
The little AI generated erotica bobbing about the internet is so lifeless even by the standards of that industry that it could only appeal to the necrophiliac.
 
Upvote
-2 (1 / -3)
But hysterical fanaticism of the adherents of a position is a pretty good hint it’s standing on shaky ground
While I would strongly prefer that these things didn't exist at all, I must say that the loudest detractors in internet comment sections easily match the most linked-in-ey LLM pushers in fever pitch.
 
Upvote
-6 (2 / -8)

Madestjohn

Ars Tribunus Angusticlavius
7,802
While I would strongly prefer that these things didn't exist at all, I must say that the loudest detractors in internet comment sections easily match the most linked-in-ey LLM pushers in fever pitch.
While yes there are doomers and some degree of hysteria on both sides - and I am excluding actual researchers concerned with adherence alignment bias and over reliance

I would only point out a strange dichotomy
In the public discourse I’ve experienced those who most heavily promote the idea that GenAI is a devastating economic, if not potential cultural, civilizational or even species threatening, risk.
Are often the same as those who are most heavily invested in its rapid WIDE adoption

Lots of calls for investment and promises of future benefits - vanishingly few verifiable results.
The Marketing strategy of FOMO gets twisted pretty fast

The opposition to GenAI does get quite strident but mostly of the pushing it away, get it out of my life variety rather than eliminating it from existence. Sure there might be the inclination to slap some stranger’s phone out of their hand or even burn down the local data center but in the vast majority of cases that impulse never approaches being realized.


But the hysterical fanaticism I refer to seems mostly on the side of the ‘accelerationist doomers’ who seem set on imposing universal AI adoption as an inevitable necessity (as if in anticipation of preemptive supplication to vengeful future AI overlords) and a vain attempt to reach reality escape velocity and that distant utopian singularity where the vast culmination of debts need never be paid.
The desperate cognitive dissonance that results from;
‘I staked my future on it so must be true’

Now I’m clearly biased and of the counter GenAI doomer camp, not that I think GenAI itself is such a threat.

I was a bit of a cognitive science nerd as a kid, as well as philosophy of mind and perception, and while my course work is decades out of date I’m still casually interested in the field. (Big shout out to the Gell-Mann Santa Fe Institute complex adaptive systems) and the idea of Intelligent systems greatly intrigues me.
LLMs obviously aren't that - but that’s not to say chat bots can’t be useful as long as we recognize what they are doing.

My doomerism is much more to do with the damage being done by the way we are desperately doubling down our entire economy on hitting the lucky lotto and doing so with the conviction it is our preordained reward
 
Upvote
7 (7 / 0)

Madestjohn

Ars Tribunus Angusticlavius
7,802
So I get that everyone is afraid of vibe coding. Being a programmer is quickly becoming like being a calculator (that used to be an actual job like programmer) after the invention of electronic calculators and spreadsheets.

However what was done was obviously done with malicious intent to harm collaborators since he took extra effort to hide it. Putting malware in your code is beyond the pale.

The fact he tried to backfill his justification and lawyered up shows he is beginning to realize using his malware to attack someone else's code base is illegal even if you don't approve of how they code.
How often do you find it necessary to recheck your calculator’s results by hand?
 
Upvote
25 (25 / 0)

graylshaped

Ars Legatus Legionis
68,523
Subscriptor++
So I get that everyone is afraid of vibe coding. Being a programmer is quickly becoming like being a calculator (that used to be an actual job like programmer) after the invention of electronic calculators and spreadsheets.

However what was done was obviously done with malicious intent to harm collaborators since he took extra effort to hide it. Putting malware in your code is beyond the pale.

The fact he tried to backfill his justification and lawyered up shows he is beginning to realize using his malware to attack someone else's code base is illegal even if you don't approve of how they code.
The alternative viewpoint, as the jqwik developer writes, is that "the error rate, and above all the type of error (‘hallucinations’), is so high that autonomous, unsupervised use [of generative AI] in serious applications must be considered highly negligent."

The one known case of his approach to calling attention to this that affected someone involved that person's agent flagging the instruction without acting on it; the two subsequently had a productive and civil discussion and the original developer modified his library to address these legitimate concerns. The remaining question is whether the users of programming agents have learned and will adjust their own potentially negligent use of unsupervised agents.

Sometimes you gotta break some eggs when egging a glass house so those living in one will see its deficiencies.
 
Upvote
13 (13 / 0)
So I get that everyone is afraid of vibe coding.
No you don't. We are not.
Being a programmer is quickly becoming like being a calculator (that used to be an actual job like programmer) after the invention of electronic calculators and spreadsheets.
No it's not. Unless you mean paying through the nose for those calculations.
However what was done was obviously done with malicious intent to harm collaborators since he took extra effort to hide it. Putting malware in your code is beyond the pale.
No it was not. It's an instruction in comments that, as some other people here mentioned, is not even considered by current models.
The fact he tried to backfill his justification and lawyered up shows he is beginning to realize using his malware to attack someone else's code base is illegal even if you don't approve of how they code.
Yeah, nobody has ever consulted a lawyer when people got angry with them, it's obviously a sign of ill intent, surely.

Impressive work, this post.
 
Upvote
27 (27 / 0)
Upvote
21 (21 / 0)