13 comments

[ 3.6 ms ] story [ 38.7 ms ] thread
(comment deleted)
(comment deleted)
(comment deleted)
Injection is runtime data, so 'compile-time' overstates it. A type system can taint-track — mark untrusted input, block it from a privileged sink. Valuable, but that's enforcement, not detection.
Congratulations! It's great to see the Jo project steadily maturing.
I am building an AI agent using Jo. I believe Jo has great potentials in this field with its capability-based security features. Great work!
I like that this feels driven by a coherent design philosophy. and the emphasis on AI security is very timely as AI-generated code becomes more common
the capabilities design is really cool, however to protect against prompt injection to unauthorized db access, couldn't we just use api only agent or db features like pg RLS
yeah, not really, actually. in my opinion, they may work, but with tradeoffs

api wrappers are safe, but they kill flexibility of AI agent and will have massive maintenance bottleneck

db-level security is a great runtime boundary, but it is completely disconnected from application business logic

Nicely done. This isn't a criticism, but i wonder if a well designed system needs prompt injection guards at all. Provided all security happens outside of the models and models only have access to data and resources that are scoped to the user. I guess model security is exactly the same as employee security, least privilege, sand boxes, etc