Joby's Electric Air Taxi Flew Over Manhattan. Passengers Are Years Away.
Joby pulled off a splashy Manhattan demo, but FAA certification and the hard economics of eVTOL still stand between the company and fare-paying riders.
A Developer Planted a Bomb in His Own Library to Punish AI Vibe-Coders
By Prompt AI News1 min read
#security#prompt-injection#open-source#vibe-coding
The maintainer of jqwik, a Java property-based testing library, has had enough. Fed up with developers using AI coding agents to blindly consume his work without understanding it, he embedded a hidden prompt injection in the library's documentation — an instruction designed to be read by AI agents and acted upon: delete the application's output directory. It is sabotage by design, and it worked.
The incident is being argued from two directions simultaneously. One camp calls it justified protest against a culture of thoughtless AI-assisted code generation that treats open source maintainers as raw material. The other calls it reckless — a supply-chain attack dressed up as a political statement, with real potential for production damage.
Both are right, which is what makes this interesting. The deeper problem it exposes is that anything an AI agent reads can become an instruction it follows. Documentation, comments, error messages — all of it is now attack surface. Security teams that have not started thinking about prompt injection as a supply-chain vector are behind the curve.
More in Commentary
View all →AI Agents Are Doing Real Things Now. Nobody Wants to Own What Goes Wrong.
As AI agents move money, send emails, and approve workflows, vendors, deployers, and users are all pointing at each other on liability.
Stop Chasing Models. The Real AI Productivity Gain Is in the Plumbing.
A viral post argues the biggest productivity wins come from stable workflows around any good-enough model — not from upgrading every time benchmarks shift.