Maybe we need a CORS spec for llms? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ElectronShak 6 months ago \| parent \| context \| favorite \| on: Agentic Browser Security: Indirect Prompt Injectio... Maybe we need a CORS spec for llms?

ec109685 6 months ago [–]

The only safe CORS spec is CORS. Have to treat everything the LLM is doing as malicious.

It’s actually worse than that though. An LLM is like letting attacker controlled content on the page inject JavaScript back into the page.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact