{"version":"1.0","type":"rich","provider_name":"Acast","provider_url":"https://acast.com","height":250,"width":700,"html":"<iframe src=\"https://embed.acast.com/$/5f2ae0b91ea7197e1ef08ed6/6a34eb6c4a2a3be0f40a2c8f?\" frameBorder=\"0\" width=\"700\" height=\"250\"></iframe>","title":"AI in Your Inbox Can Be Tricked Via Prompt Injection, This Team Proved It. Jonathan Rodriguez Cefalu","description":"<p>Jonathan Rodriguez Cefalu built the hardware that Snap shipped on people's faces — first the camera-only Gen 1 Spectacles, then the Gen 4 display version. His path through Stanford CS, an honors thesis on varifocal display optics, and a startup called Vergence (named after the vergence-accommodation conflict in AR) led him to Snap, and then to the problem he is working on now. Preamble AI exists to prevent the worst possible AI outcomes — starting with a class of attack that Preamble was the first to publicly demonstrate: prompt injection.</p><p><br></p><p>Ted Schilowitz hosted this episode solo. Together, he and Jonathan worked through the architecture problem sitting under every AI assistant being deployed at scale right now: large language models see one token stream. There is no separation between what the developer intended and what an untrusted email or web page is quietly instructing the model to do. With Gemini Spark about to give AI agents access to tens of thousands of emails per user, this is not a theoretical concern. Jonathan's team has a proposed fix — and they have already shaped federal law.</p><p><br></p><p>The episode also covered the week's XR and AI news: Google I/O announcements, Snap Spectacles Gen 6 details ahead of AWE, Matthew Ball joining Xbox, Anduril's battlefield AR wearable, and AI-generated feature films reaching Tribeca.</p><p><br></p><p><strong>Key Moments:</strong></p><ul><li>[00:00] Ted opens solo — Charlie Fink and Rony Abovitz are out for the summer solstice</li><li>[02:30] Google I/O: Gemini Spark and what \"persistent AI agent\" actually means in practice</li><li>[08:15] Jonathan's Gmail test: asked to search tens of thousands of emails, it searched 30 and quit</li><li>[14:40] XREAL Project Aura and the state of Android XR — a lot of spend for incremental steps</li><li>[21:00] Snap Spectacles Gen 6 details: what Jonathan knows from building Gen 1 and Gen 4 from the inside</li><li>[31:20] Snap vs. Meta: research that ships in the product vs. research that ships in a paper</li><li>[38:45] Matthew Ball joins Xbox, Anduril EagleEyes, and battlefield AR wearables</li><li>[44:10] AI on the Lot: Project Nara, Hell Grind, Dreams of Violet, Paul Schrader goes pro-AI</li><li>[52:30] Jonathan introduces Preamble AI and the mission to prevent worst-case AI outcomes</li><li>[58:00] The first public demonstration of prompt injection — what happened and why it matters</li><li>[01:06:15] Why Gemini Spark will be especially vulnerable to prompt injection attacks</li><li>[01:14:00] Preamble's proposed fix: a reserved token language that untrusted data cannot speak</li><li>[01:21:30] NDAA Section 1638: the first US law making it illegal to give AI autonomous nuclear control</li><li>[01:28:45] WarGames, \"the only winning move is not to play,\" and what that means in 2026</li></ul><p><br></p><p>Brought to you by Zappar and Mattercraft. Mattercraft makes spatial web experiences that run in the browser — no app required. Visit mattercraft.io to learn more and start building.</p>","author_name":"Charlie Fink Productions"}