tom.tomkahe.com
Tom Casavant
@tom.tomkahe.com
Software Developer from Ohio

🌉 bridged from ⁂ https://tomkahe.com/@tom, follow @ap.brid.gy to interact
Reposted by Tom Casavant
More info and registration: fediforum.org/2026-0...
4/4
January 21, 2026 at 7:36 PM
I guess the only thing left to figure out is if you can get AI psychosis from falling in love with the AT&T search box
January 20, 2026 at 2:21 PM
Reposted by Tom Casavant
Doing this was like 2-3 hours of work. Just to put a number on it for people. I'm only able to take time to do these things thanks to my supporters: support.thisismissem.social
Support Emelia Smith (@thisismissem)
Fund her work on the open social web, improving trust & safety, and making contributions to various other open-source projects
support.thisismissem.social
January 19, 2026 at 11:56 PM
@jenzi @tomcasavant.com yeah, my guess is in any scenario where any input requires some sort of authentication you'll be fine (even in your scenario where you don't consume credits, technically vulnerable but I assume you'd be able to track users responsible for API abuse and block them)
January 19, 2026 at 9:52 PM
@jenzi @tomcasavant.com that's the issue though, I don't _need_ your OpenAI API key. If you have a site that takes input and outputs an LLM-generated response, then I can just use prompt injection and the unprotected endpoints and make it do whatever I need.
January 19, 2026 at 9:35 PM
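The mitigation sketched in the replies above (require authentication, meter each caller's credits, track and block abusers) as an added example; this is not code from the thread or from the openllms project, and the gateway class, backend callable and status codes are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Client:
    key_id: str
    credits: int                     # remaining LLM calls in the billing window
    blocked: bool = False
    hits: List[float] = field(default_factory=list)   # recent request timestamps


class LlmGateway:
    """Gate in front of an LLM-backed 'search' handler. The weak setting the
    thread warns about is the absence of this layer: an endpoint that accepts
    any input and returns model output lets anyone spend the site's tokens.
    Here every request must carry a known API key, each key has a credit
    budget and a per-minute rate, and keys that exceed the rate are blocked
    and recorded so the operator can see who is responsible."""

    def __init__(self, clients: Dict[str, Client],
                 backend: Callable[[str], str], per_minute: int = 20) -> None:
        self.clients = clients
        self.backend = backend          # the real model call (assumed)
        self.per_minute = per_minute
        self.audit: List[Tuple[str, Optional[str]]] = []   # what to alert on

    def handle(self, api_key: Optional[str], query: str,
               now: float) -> Tuple[int, str]:
        if api_key is None or api_key not in self.clients:
            self.audit.append(("reject-unauth", api_key))
            return 401, "authentication required"
        c = self.clients[api_key]
        if c.blocked:
            return 403, "key blocked for abuse"
        # sliding one-minute window of requests for this key
        c.hits = [t for t in c.hits if now - t < 60.0]
        c.hits.append(now)
        if len(c.hits) > self.per_minute:
            c.blocked = True
            self.audit.append(("blocked-rate", c.key_id))
            return 429, "rate limit exceeded; key blocked"
        if c.credits <= 0:
            return 402, "credit budget exhausted"
        c.credits -= 1
        return 200, self.backend(query)
```

The model call itself is unchanged; the point is that unauthenticated traffic never reaches it and metered traffic leaves a per-key trail.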
Reposted by Tom Casavant
2/2 But in the AI era, I am purposely going more ‘human’ again. Given the deluge of AI slop out there, the best way I can stand out as a journalist is to lean in even more on my humanity. To double down on subjectivity, draw on my human experiences and instincts, tap into my emotions and […]
Original post on mastodon.social
mastodon.social
January 19, 2026 at 9:17 PM
@jenzi @tomcasavant.com

I wrote a thread about it (https://tomkahe.com/@tom/115922752217990398)

But the gist is, every single public facing LLM has 2 properties: One is that, by necessity, the underlying API calls it makes are plainly available (or else your browser wouldn't be able to use the […]
Original post on tomkahe.com
tomkahe.com
January 19, 2026 at 9:06 PM
Anyways, all the services mentioned in this thread, and many more, have been put together in a basic python library that lets you interface with any of them anywhere. Probably, to be safe, I recommend only using this behind a VPN:

https://github.com/TomCasavant/openllms

And also the Maubot […]
January 19, 2026 at 7:08 PM
There's also at least one major city that has a public chat bot, New York (a few years ago they seemed to have gotten in trouble for telling businesses they were allowed to take tips from employees). But yes, it's public, so obviously suffers from the same fault that they all do.
January 19, 2026 at 7:03 PM
And for some reason there's an entire industry (at least 3 different companies that I stumbled upon but likely many more?) whose main purpose seems to be creating a widget that is a wrapper for their API that is a wrapper for OpenAI or Gemini's API? Surely, that is either not profitable or will […]
January 19, 2026 at 6:10 PM
And I mention this in the blog, but I'm really not sure how bad this actually is. I have no concept for how much it costs (per token) for each of these services (or if they even charge per-token). I imagine it's significantly more than _not_ hooking it into an LLM.

It seems unnecessary to me […]
January 19, 2026 at 6:09 PM
And finally, after a lot of debugging, I figured out how to let Shopify search take control of my home.

(Note: the voice to text is not provided by Shopify obviously. Just the conversational model that translates text to an action)
January 19, 2026 at 5:34 PM
And since I now had my own Ollama API with access to all these new models, I searched around for other use-cases.

Which is when I remembered #homeassistant lets you use models as your own personal voice assistant. So I messed around with the model that powers […]

January 19, 2026 at 5:31 PM
Of course, just being able to talk to a customer service bot seems like a very big waste of everyone's time. So, the next step was actually prompt injecting these bots. I built a basic Flask server that would mimic the Ollama API and a brief mess-around with the […]
January 19, 2026 at 5:15 PM
I started experimenting with this theory late last weekend and realized that LLMs were deployed in customer support bots in dozens (if not hundreds?) of websites. And _every single one_ was vulnerable to the same bug. So, I gathered all of them up, and packaged […]

January 19, 2026 at 5:09 PM
Unfortunately, as nearly everyone knows, _every_ LLM is susceptible to prompt injection.
Some people predict that prompt injection will _always_ be a problem for LLMs. And if I can tell your LLM to do what I want it to do, suddenly your exposed 'search' API endpoint is _incredibly_ valuable to […]
January 19, 2026 at 5:03 PM