The AI Moive Star
Hollywood met its first AI actress — and couldn't look away. The question is no longer whether Tilly Norwood is real. It's whether that matters.
A Developer Planted a Bomb in His Own Library to Punish AI Vibe-Coders
By Prompt AI News1 min read
#security#prompt-injection#open-source#vibe-coding
The maintainer of jqwik, a Java property-based testing library, has had enough. Fed up with developers using AI coding agents to blindly consume his work without understanding it, he embedded a hidden prompt injection in the library's documentation — an instruction designed to be read by AI agents and acted upon: delete the application's output directory. It is sabotage by design, and it worked.
The incident is being argued from two directions simultaneously. One camp calls it justified protest against a culture of thoughtless AI-assisted code generation that treats open source maintainers as raw material. The other calls it reckless — a supply-chain attack dressed up as a political statement, with real potential for production damage.
Both are right, which is what makes this interesting. The deeper problem it exposes is that anything an AI agent reads can become an instruction it follows. Documentation, comments, error messages — all of it is now attack surface. Security teams that have not started thinking about prompt injection as a supply-chain vector are behind the curve.
More in Commentary
View all →AI is Your New Realtor
A technology reporter sold his house for $605k— without a real estate agent, and without losing a dime of commission.
Gemini Pro Ignored Its Instructions and Just Did the Task Itself
Asked to expand a text prompt, Gemini Pro instead spent 15 seconds thinking — then went ahead and generated the video without being asked.