RE: https://mastodon.social/@campuscodi/116154291574332497
> We're entering an era where AI agents attack other AI agents. In this campaign, an AI-powered bot tried to manipulate an AI code reviewer into committing malicious code. The attack surface for software supply chains just got a lot wider.
If you have a fediverse account, you can quote this note from your own instance. Search https://social.coop/users/cwebber/statuses/116154573042963148 on your instance and quote it. (Note that quoting is not supported in Mastodon.)
It remains wild that all of these tools - MCP, OpenClaw, not just the entire AI stack but the entire ecosystem - don't think that security matters at all. Validation, sanitization, authentication, none of it. Call it 'autonomous' and yolo it out there for VC clout.
There's relearning the lessons of 90's computing, and then there's the lessons of 1850s London sanitation, of Roman-era waste management. Everyone just lets their cattle shit in the town well, it'll be fine.
