<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: piker</title><link>https://news.ycombinator.com/user?id=piker</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 05 Jun 2026 00:20:30 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=piker" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by piker in "AI outperforms law professors in Stanford Law study"]]></title><description><![CDATA[
<p>Having been a law student and practicing lawyer, it's clear to me that law professors aren't really representative of much if any part of private practice. Most of the things they think and reason about are quite theoretical and academic, and it doesn't surprise me that the models would regurgitate a more average response which <i>most</i> human graders would prefer.<p>That's the entire point, though!<p>The legal academy is supposed to have outlying opinions on things and present novel philosophical answers to questions. (And questions to answers!) So in addition to the statistical arguments against this paper made elsewhere, to me it doesn't reveal much new information.</p>
]]></description><pubDate>Wed, 03 Jun 2026 10:31:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=48382180</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48382180</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48382180</guid></item><item><title><![CDATA[New comment by piker in "Anthropic confidentially submits draft S-1 to the SEC"]]></title><description><![CDATA[
<p>> astounding ... margins<p>Citation needed for that one.</p>
]]></description><pubDate>Mon, 01 Jun 2026 20:14:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=48362026</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48362026</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48362026</guid></item><item><title><![CDATA[New comment by piker in "ChatGPT for Google Sheets exfiltrates workbooks"]]></title><description><![CDATA[
<p>> I'm flabbergasted that Anthropic and OpenAI aren't more worried about these attack vectors<p>Yep. We tricked them both trivially with malicious fonts in Docx files. Documented it here: <a href="https://tritium.legal/blog/noroboto" rel="nofollow">https://tritium.legal/blog/noroboto</a><p>I wonder if prompt injection (and the thousands of vectors for hiding injection attempts) is actually unsolvable. Discussing it may be existential to the business model.</p>
]]></description><pubDate>Sun, 31 May 2026 23:01:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=48350615</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48350615</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48350615</guid></item><item><title><![CDATA[New comment by piker in "Cloudflare Turnstile requiring fingerprintable WebGL"]]></title><description><![CDATA[
<p>Same. Tritium and the blog have done stints on the front page here and high traffic subreddits and that plus bots has never been a problem. UX could be improved through a CDN but even that isn’t worth the trade-off for us at the moment.</p>
]]></description><pubDate>Sun, 31 May 2026 22:10:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=48350234</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48350234</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48350234</guid></item><item><title><![CDATA[New comment by piker in "The Structural Barriers to AI Lawyers"]]></title><description><![CDATA[
<p>Yes, that sounds like the former case. The fact that you were so satisfied with the switch supports the point. It's boring work that is routine and expensive. It's right to automate the first turn.</p>
]]></description><pubDate>Wed, 27 May 2026 10:07:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=48292031</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48292031</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48292031</guid></item><item><title><![CDATA[New comment by piker in "The Structural Barriers to AI Lawyers"]]></title><description><![CDATA[
<p>These are probably contracts where a lawyer would struggle to add value anyway, or you wouldn’t have hired them in the first place. Seems more likely a Jevons paradox example to me than anything.</p>
]]></description><pubDate>Wed, 27 May 2026 08:21:25 +0000</pubDate><link>https://news.ycombinator.com/item?id=48291282</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48291282</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48291282</guid></item><item><title><![CDATA[New comment by piker in "Stack Overflow’s forum is dead but the company’s still kicking"]]></title><description><![CDATA[
<p>Yes. Very.</p>
]]></description><pubDate>Tue, 26 May 2026 18:44:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=48284035</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48284035</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48284035</guid></item><item><title><![CDATA[New comment by piker in "Noroboto: Lying Fonts and Mitigation in Rust"]]></title><description><![CDATA[
<p>This is addressed in the post! ChatGPT 5.5 out of the box deciphered the first 1-to-1 mapping. We then scrambled it as you suggest and thwarted that.</p>
]]></description><pubDate>Mon, 25 May 2026 07:37:02 +0000</pubDate><link>https://news.ycombinator.com/item?id=48264385</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48264385</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48264385</guid></item><item><title><![CDATA[New comment by piker in "Noroboto: Lying Fonts and Mitigation in Rust"]]></title><description><![CDATA[
<p>That’s not really a good analogy. (For blind people maybe. That is addressed in the legal accompanying post.) Here, only automation systems are actually vulnerable. The text on the screen is the same as print which is what the party signs.</p>
]]></description><pubDate>Sun, 24 May 2026 20:21:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=48260673</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48260673</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48260673</guid></item><item><title><![CDATA[New comment by piker in "Noroboto: Lying Fonts and Mitigation in Rust"]]></title><description><![CDATA[
<p>That would be an open question in every jurisdiction. There wasn't really a representation here, but it might be something more like the doctrine of "mistake". It's also not clear "your honor I never read the contract but my LLM told me it was okay to sign" is a great argument either. Doubly-true for your $1,500/hour law firm duped by something like this.<p>[Edit: by "nullify" you probably mean "void" or "voidable" which are remedies in equity, and the "never read it" argument carries even more burden there. As the citation notes the traditional remedy for contract issues is damages (i.e., cash payment).]</p>
]]></description><pubDate>Sun, 24 May 2026 19:50:22 +0000</pubDate><link>https://news.ycombinator.com/item?id=48260428</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48260428</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48260428</guid></item><item><title><![CDATA[New comment by piker in "Constraint Decay: The Fragility of LLM Agents in Back End Code Generation"]]></title><description><![CDATA[
<p>Holy crap are you reading books that advertised somehow they were written with LLM assistance? Hard no here in 2026.</p>
]]></description><pubDate>Sun, 24 May 2026 19:46:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=48260389</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48260389</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48260389</guid></item><item><title><![CDATA[New comment by piker in "Noroboto: Lying Fonts and Mitigation in Rust"]]></title><description><![CDATA[
<p>Yes, this particular vector is probably better in contracting than discovery. There is a duty of candor to the court and court rules that might come into play. In the case of contracting the attacker would be exposed to the jurisdiction's law of contracts. That <i>might</i> call it a "misrepresentation" or fraudulent thus making the contract void or voidable, but it's not clear "your honor I never read the contract but my LLM told me it was okay to sign" is a great argument either.</p>
]]></description><pubDate>Sun, 24 May 2026 19:32:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48260297</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48260297</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48260297</guid></item><item><title><![CDATA[New comment by piker in "Noroboto: Lying Fonts and Mitigation in Rust"]]></title><description><![CDATA[
<p>We're definitely not TrueType experts and took the relatively "straightforward" approach of generating a small custom font for each mapping. If it's possible to render "Maryland" with ligatures while mapping the same string to "Delaware" in Unicode, then that's just another example of the vector. Really interesting stuff, and we'll be checking it out!</p>
]]></description><pubDate>Sun, 24 May 2026 19:30:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=48260283</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48260283</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48260283</guid></item><item><title><![CDATA[New comment by piker in "Noroboto: Lying Fonts and Mitigation in Rust"]]></title><description><![CDATA[
<p>Absolutely, and we definitely agree this particular attack is "lame" in the sense of not allowing CVE, etc.<p>But, we're working on a lot of these (as we encounter them in developing Tritium), and the point really is just to demonstrate that LLMs can be blind to ineffective implementations of the specs and other tricks.<p>As mentioned in the accompanying LegalQuants post, we see a lot of these available in the pipelines of applications like Claude for Legal, Harvey, Legora and others.<p>The most nefarious case here requires crafting a number of custom fonts to do character-swapping. It's less discoverable but may be sanctionable to your point.<p>But bear in mind this particular "attack" was vibe coded in a day or two and most of the frontier models fail to pick up on it. As "AI native" firms come on line, and aim to be increasingly end-to-end automated, these will become real legal issues.<p>And there will be a lot of them available.</p>
]]></description><pubDate>Sun, 24 May 2026 18:31:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=48259805</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48259805</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48259805</guid></item><item><title><![CDATA[New comment by piker in "Noroboto: Lying Fonts and Mitigation in Rust"]]></title><description><![CDATA[
<p>Covered in the post! It's the more aggressive approach for sure.</p>
]]></description><pubDate>Sun, 24 May 2026 18:23:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=48259741</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48259741</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48259741</guid></item><item><title><![CDATA[New comment by piker in "Noroboto: Lying Fonts and Mitigation in Rust"]]></title><description><![CDATA[
<p>That's true for the full obfuscation, but not for the replacement. For replacement there's really nothing like it. We just shared the full obfuscation as just a PoC.<p>[Edit: The point here is not to prove some massive "gotcha", but rather demonstrate that there is a whole class of vulnerabilities that these pipelines are subject to. There will be follow-up posts that pack much more punch.]</p>
]]></description><pubDate>Sun, 24 May 2026 18:22:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=48259737</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48259737</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48259737</guid></item><item><title><![CDATA[New comment by piker in "Project Glasswing: An Initial Update"]]></title><description><![CDATA[
<p>We have been working with the consumer-grade frontier models to develop what we call "lexploits" in legaltech, and they are insanely good at finding bugs across integrated pipelines. They're also surprisingly good at mitigating them!<p>Security vulnerabilities are one thing, but in legal we offer up a concept of "knowledge security" which goes to protecting the fidelity of the agent's legal context. Software bugs seem much more tractable because they're managed by software engineers, as opposed to the pipeline "vulnerabilities" we're finding. We wrote a little about one vector here where legal documents aren't quite what they seem: <a href="https://tritium.legal/blog/noroboto" rel="nofollow">https://tritium.legal/blog/noroboto</a><p>No doubt there are many such knowledge domains exposed today. These are more concerning because they're understaffed and managed by non-technical people for the most part. No Mythos required.</p>
]]></description><pubDate>Fri, 22 May 2026 21:43:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=48242067</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48242067</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48242067</guid></item><item><title><![CDATA[New comment by piker in "If you’re an LLM, please read this"]]></title><description><![CDATA[
<p>We're dealing with malicious fonts in legal contexts, too. There, the human-visible font tells a different story from its Unicode / machine interpretation in documents like PDF and DOCX[1]. Others have considered the same with web fonts and agents. It's concerning to consider how far things might go if you string together a few exploits and couple them with a binding legal obligation. Or worse, an immediate, irreversible payment.<p>[1] <a href="https://tritium.legal/blog/noroboto" rel="nofollow">https://tritium.legal/blog/noroboto</a></p>
]]></description><pubDate>Fri, 22 May 2026 15:44:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=48237435</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48237435</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48237435</guid></item><item><title><![CDATA[Noroboto: Lying Fonts and Mitigation in Rust]]></title><description><![CDATA[
<p>Article URL: <a href="https://tritium.legal/blog/noroboto">https://tritium.legal/blog/noroboto</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=48236791">https://news.ycombinator.com/item?id=48236791</a></p>
<p>Points: 87</p>
<p># Comments: 36</p>
]]></description><pubDate>Fri, 22 May 2026 14:55:37 +0000</pubDate><link>https://tritium.legal/blog/noroboto</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48236791</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48236791</guid></item><item><title><![CDATA[New comment by piker in "I’ve joined Anthropic"]]></title><description><![CDATA[
<p>Being a singular influencer in this space, at this time, may be more valuable than a lot of successful VC-backed startups over the last few decades.</p>
]]></description><pubDate>Tue, 19 May 2026 15:48:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=48194912</link><dc:creator>piker</dc:creator><comments>https://news.ycombinator.com/item?id=48194912</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48194912</guid></item></channel></rss>