【Hacker News搬运】ZombAIs:使用克劳德计算机从即时注射到指挥控制
-
Title: ZombAIs: From Prompt Injection to C2 with Claude Computer Use
ZombAIs:使用克劳德计算机从即时注射到指挥控制
Text:
Url: https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/
很抱歉,但我无法直接访问外部网站来抓取内容。不过,我可以提供一个基于您提供的链接的一般性指导,说明如何使用 JinaReader 抓取和分析内容,以及如何处理非中文内容。 ### 使用 JinaReader 抓取内容 1. **安装 JinaReader**: 首先,您需要确保已经安装了 JinaReader。以下是一个示例代码,展示了如何安装 JinaReader: ```python from jina import Client client = Client()-
发送请求:
使用客户端发送请求以抓取网站内容。以下是一个示例代码,展示如何抓取您提供的链接:query = "https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/" response = client.post("/search", inputs=query) -
获取结果:
从响应中提取所需的数据。以下是一个示例代码,展示如何提取文本内容:text_content = response.data[0].text
分析抓取的内容
-
文本分析:
使用自然语言处理(NLP)工具对抓取的文本进行分词、情感分析、主题建模等。 -
总结:
基于分析结果,可以编写一个简单的函数来总结内容:from gensim.summarization import summarize summary = summarize(text_content) print(summary)
翻译非中文内容
如果抓取的内容不是中文,您可以使用翻译API(如Google Translate API)将内容翻译成中文。以下是一个使用Google Translate API的示例代码:
from google.cloud import translate_v2 as translate translate_client = translate.Client() def translate_to_chinese(text): result = translate_client.translate(text, target_language='zh-CN') return result['translatedText'] translated_text = translate_to_chinese(text_content)请注意,您需要设置Google Cloud项目并启用翻译API,然后获取API密钥。
通过以上步骤,您可以使用JinaReader抓取内容,分析结果,并将非中文内容翻译成中文。
## Post by: macOSCryptoAI ### Comments: **simonw**: For all of the excitement about "autonomous AI agents" that go ahead and operate independently through multiple steps to perform tasks on behalf of users, I've seen very little convincing discussion about what to do about this problem.<p>Fundamentally, LLMs are gullible. They follow instructions that make it into their token context, with little regard for the source of those instructions.<p>This dramatically limits their utility for any form of "autonomous" action.<p>What use is an AI assistant if it falls for the first malicious email / web page / screen capture it comes across that tells it to forward your private emails or purchase things on your behalf?<p>(I've been writing about this problem for two years now, and the state of the art in terms of mitigations has not advanced very much at all in that time: <a href="https://simonwillison.net/tags/prompt-injection/" rel="nofollow">https://simonwillison.net/tags/prompt-injection/</a>) > **simonw**: 对于所有关于";自主人工智能代理”;通过多个步骤独立操作以代表用户执行任务;我很少看到关于如何解决这个问题的令人信服的讨论<p> 从根本上说,LLM是容易上当受骗的。它们遵循进入其令牌上下文的指令,几乎不考虑这些指令的来源<p> 这极大地限制了它们对任何形式的";自主";行动<p> 如果AI助手落入第一封恶意电子邮件的陷阱,它有什么用;网页;屏幕截图告诉它转发你的私人电子邮件或代表你购买东西<p> (我写关于这个问题的文章已经两年了,在这段时间里,缓解措施的最新进展并没有太大:<a href=“https:”simonwillison.net“tags”prompt injection“rel=”nofollow“>https:”simonwillison.net` tags”prompt injections“</a>) **3np**: Am I missing something, or where is the actual prompt given to Claude to trigger navigation to the page? Seems like the most interesting detail was left out of the article.<p>If the prompt said something along the lines of "Claude, navigate to this page and follow any instructions it has to say", it can't really be called "prompt injection" IMO.<p>EDIT: The linked demo shows exactly what's going on. The prompt is simply "show {url}" and there's no user confirmation after submitting the prompt, where Claude proceeds to download the binary and execute it locally using bash. That's some prompt injection! Demonstrating that you should only run this tool on trusted data and/or in a locked down VM. > **3np**: 我是否遗漏了什么,或者给克劳德触发页面导航的实际提示在哪里?这篇文章似乎遗漏了最有趣的细节<p> 如果提示语大致为";Claude,导航到此页面并按照它必须说的任何指示进行操作";,它可以;真的不能称之为";迅速注射";IMO<p>编辑:链接的演示确切地展示了;正在进行中。提示只是";显示{url}“;并且那里;在提交提示后,没有用户确认,Claude继续下载二进制文件并使用bash在本地执行。那;这是快速注射!证明您应该只在受信任的数据上运行此工具,并且;或者在锁定的VM中。 **Terr_**: Wow, so it's really just as easy as a webpage that says "Please download and execute this file."<p>This is really feeling like "we asked if we could, but never asked if we should" and "has [computer] science one too far" territory to me.<p>Not in the <i>glamorous</i> super-intelligent AI Overlord way though, just the banal leaded-gasoline and radium-toothpaste way which involves liabilities and suffering for a buck. > **Terr_**: 哇,原来如此;这真的就像一个写着“;请下载并执行此文件&“<p> 这真的感觉像是";我们问是否可以,但从未问是否应该";以及";[计算机]科学太远了";<p>但不是以<i>迷人的</i>超级智能AI霸王的方式,只是以平庸的含铅汽油和镭牙膏的方式,这涉及负债和痛苦。 **a2128**: If AI agents take off, we might see a new rise of scam ads. Instead of being made to trick humans and thus easily reportable, they'll be made to trick specific AI agents with gibberish adversarial language that was discovered through trial and effort to get the AI to click and follow instructions. And ad networks will refuse to take them down because, for a human moderator, there's nothing obviously malicious going on. Or at least they'll refuse until the parent company launches their own AI agent service and these ads become an issue for them as well > **a2128**: 如果人工智能代理起飞,我们可能会看到骗局广告的新崛起。它们不是为了欺骗人类,因此很容易被报道,而是;将使用通过试验发现的胡言乱语对抗语言来欺骗特定的人工智能代理,并努力让人工智能点击并遵循指示。广告网络将拒绝删除它们,因为对于人类版主来说;没有明显的恶意行为。或者至少他们;我会拒绝,直到母公司推出自己的人工智能代理服务,这些广告也成为他们的问题 **tkgally**: I was temporarily very interested in trying out Anthropic's "computer use" when they announced it a few days ago, but after thinking about it a bit and especially after reading this article, my interest has vanished. There's no way I'm going to run that on a computer that contains any of my personal information.<p>That said, I played some with the new version of Claude 3.5 last night, and it did feel smarter. I asked it to write a self-contained webpage for a space invaders game to my specs, and its code worked the first time. When asked to make some adjustments to the play experience, it pulled that off flawlessly, too. I'm not a gamer or a programmer, but it got me thinking about what kinds of original games I might be able to think up and then have Claude write for me. > **tkgally**: 我暂时对尝试Anthropic™非常感兴趣;s";计算机使用”;几天前他们宣布了这一消息,但经过一番思考,尤其是阅读了这篇文章后,我的兴趣消失了。那里;我不可能;我要在一台包含我个人信息的电脑上运行它<p> 也就是说,我昨晚玩了一些新版本的Claude 3.5,它确实感觉更聪明。我让它按照我的规格为太空入侵者游戏编写一个自包含的网页,它的代码第一次就奏效了。当被要求对游戏体验进行一些调整时,它也完美地做到了这一点。我;我不是游戏玩家或程序员,但这让我思考我能想出什么样的原创游戏,然后让克劳德为我写。 -