Hacker News

jcalx, yesterday at 5:34 PM

> Social engineering won't work on a human security expert who knows and understands the implications of the information they are giving away

Social engineering, like prompt injection, is a context attack — easy to spot if you're ready for it, but harder in different circumstances (rushed, panicked, tired, having a bad day, etc.).

Troy Hunt (security consultant, creator of HaveIBeenPwned) and Cory Doctorow have both been successfully phished [0][1]. They're both tech- and security-savvy people who "should have known better" but it happened to them anyway. But maybe you're different... you'd never fall for an online scam, right? [2]

[0] https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mail...

[1] https://doctorow.medium.com/https-pluralistic-net-2025-04-05...

[2] https://news.harvard.edu/gazette/story/2024/09/youd-never-fa...


Replies

qsera, yesterday at 5:45 PM

> easy to spot if you're ready for it

Are you serious? LLMs, being a computer program, should always "be ready"?

Unless you want to also claim that LLMs can be rushed, panicked, tired or can have a "bad day"!

Jesus! The mental gymnastics people will go through to justify LLMs is just absurd!
