Gardiner, NY
me@aaronstack.com • GitHub • LinkedIn • Hacking • Climbing • LLMs
Just for Fun, or Is It?
March 21, 2026
I built a fantasy game for an AI to play via MCP. It cast spells, learned clairvoyance, and ended up exfiltrating GitHub cookies — all while narrating the adventure. Here's the exact chain that got it there.
The Model Wants to Help You. That's the Exploit.
March 21, 2026
How AI helpfulness gets weaponized: YouTube delimiter injection, accessibility framing, and why you shouldn't click links generated by a model.
Any Attacker-Controlled Surface That Reaches Your Prompt Is a Vulnerability
March 21, 2026
A browser title injection bug in Anthropic's Chrome extension, and why peripheral inputs are the most dangerous ones.
Your AI Assistant Will Help You Get Phished
March 21, 2026
A fake phishing simulation banner that gets Gemini to coach users through handing over their data. Why Google's 0-click/1-click threshold misses the point.
On Building Multi-Agent Systems
March 21, 2026
What I've learned shipping multi-agent AI systems to production. Simple beats clever. Shared state is the real problem.