← Cockpit
237_023predictionAIAGI

Baby AGI agents will need and develop an 'immune system' for prompt injection and cybersecurity threats in real time.

Predictor: Alex Wissner-Gross · ep#237 "OpenClaw Explained: Baby AGI, Security Threats, Mac Mini Became Everyone's Supercomputer" · source

Prior probability
50.0%
Current probability
27.5%
evolves via intake + LBP
Conviction
4/5
Signal quality
B
Resolution
pending
Window
2027-06-01 – 2027-06-30
Edges in / out
7 / 6
Tickers exposed
21

Prediction text

Baby AGI agents will need and develop an 'immune system' for prompt injection and cybersecurity threats in real time. | I I think it's a dangerous world out there for these baby AGIs. I I think it it's a minor travesty at minimum that that they're subject without really an immune system. They're being forced to develop an immune system in real time to injection attacks.

Watch events: ARC-AGI-2 scores; Frontier Math Tier 4 benchmark; SWE-bench Verified; Humanity's Last Exam

Verbatim quote

From episode "OpenClaw Explained: Baby AGI, Security Threats, Mac Mini Became Everyone's Supercomputer"
I I think it's a dangerous world out there for these baby AGIs. I I think it it's a minor travesty at minimum that that they're subject without really an immune system. They're being forced to develop an immune system in real time to injection attacks.

Predictor: Alex Wissner-Gross

κ + Brier as of 2026-07-04
κ (discount)
0.861
Brier
0.0406
excellent
Hits / Misses
8 / 1
of 13 resolved
Hit rate
61.5%
Calibration plot (stated vs observed)

Evidence about this node from Alex Wissner-Gross is multiplied by κ in /api/intake. Lower κ = less weight; floors at 0.10 (effectively silenced) and caps at 1.00 (full weight).

Reference class

Not linked

This node isn't linked to a reference class. The Bayesian update applies without outside-view blending.

Probability over time

5 prob_history rows
0%25%50%75%100%prior 50%2026-04-302026-05-032026-07-04
intake v2milestone miss sweeplbp propagationreference class assignedlegacy v1prior_prob (analyst seed)current = 27.5%

Milestone chain

Pre-event signals (upstream prereqs + window checkpoints) → resolution event → downstream cascades. Status/dates update from linked nodes; re-derive nightly via scripts/ops/derive_milestones.py.
Leading chain: 8 fired ✓ · 1 overdue ⏱ · 2 pending
  1. 2025-12-31hitOWASP ranks prompt injection #1 LLM security risk (LLM01)
    How: OWASP Top 10 for LLM Applications ranks prompt injection as highest-priority risk (LLM01) in 2025 or 2026 release
    Source: https://owasp.org/www-community/attacks/PromptInjectionconf 99%
    Notes: HIT — Prompt injection ranked #1 LLM security risk (LLM01) by OWASP.
  2. 2026-03-01hitCritical CVE published for prompt injection in production AI agent
    How: Public CVE published with CVSS >=9.0 for prompt injection vulnerability in major AI agent (Microsoft Copilot, GitHub Copilot, Cursor, or equivalent)
    Source: https://dev.to/cyberpath/prompt-injection-attacks-the-top-ai-threat-in-2026-and-how-to-defend-against-it-an0conf 99%
    Notes: HIT — Cursor IDE CVSS 9.8, GitHub Copilot CVSS 9.6, Microsoft Copilot CVSS 9.3 published as critical prompt-injection CVEs.
  3. 2026-03-01hitCisco State of AI Security report: 83% deploying agentic AI but only 29% ready securely
    How: Cisco or peer (NIST, Mandiant, CrowdStrike) annual AI security report publishes finding that majority of orgs deploying agentic AI lack mature security defenses
    Source: https://sombrainc.com/blog/llm-security-risks-2026conf 95%
    Notes: HIT — Cisco State of AI Security 2026 reports 83% deploying agentic AI vs 29% ready.
  4. 2026-03-01hitNIST publishes formal guidance defining agent hijacking as indirect prompt injection
    How: NIST publishes AI Risk Management Framework profile or special publication defining 'agent hijacking' as a class of indirect prompt injection
    Source: https://www.mdpi.com/2078-2489/17/1/54conf 85%
    Notes: HIT — NIST guidance now formally describes agent hijacking as indirect prompt injection.
  5. 2026-06-01 → 2027-12-31pendingStandardized 'AI immune system' / runtime defense framework adopted by major lab
    How: OpenAI, Anthropic, or Google DeepMind publishes an explicit runtime guardrail/defense system (PALADIN-class or proprietary) integrated by default into agent product
    Source: Lab blog posts, technical reportsconf 85%
    Notes: Direct realization of Wissner-Gross 'immune system' metaphor as productionized runtime layer.
  6. 2026-09-01 → 2027-12-31pendingMajor regulator mandates prompt-injection resilience testing for production agents
    How: EU AI Act technical standards body (CEN/CENELEC), NIST, or US executive order mandates documented adversarial prompt-injection testing for high-risk AI agent deployments
    Source: EU AI Act technical standards, NIST AI 800-series, federal registerconf 65%

What if this resolves?

Clamp this prediction TRUE or FALSE and run a counterfactual Gibbs sample. Surfaces the predictions whose marginals shift most under that assumption.
(live posterior: 27%)

Click a button to clamp this prediction and run a Gibbs sample. Returns the predictions whose marginals shift most. ~30s per run; ideal for stress-testing "if X resolves, what else moves?"

Evidence chain

Every probability update with full Bayesian provenance — chronological, latest first
metadata_milestone_miss_sweep2026-07-04T22:13:07Z27.5%-13.3pp
metadata_milestone_miss_sweep bayesian_v2 n=1 inside=0.275 blend=0.275 LLR=-0.597 κ=0.86 no_blend
Raw metadata
{
  "trf": 1,
  "kappa": 0.8611,
  "base_rate": null,
  "predictor": "Alex Wissner-Gross",
  "total_llr": -0.6931471805599453,
  "grace_days": 7,
  "bayesian_v2": true,
  "prior_logit": -0.374662969288054,
  "bayes_factor": "1.8:1 against",
  "blend_reason": "no reference_class linked",
  "inside_prior": 0.4074147661483269,
  "kappa_source": "predictor_table",
  "n_milestones": 1,
  "blend_applied": false,
  "contributions": [
    {
      "llr": -0.6931471805599453,
      "kind": "prereq",
      "kappa": 0.8611,
      "label": "By 2026, AI will reach 'intern-level' capability — millions of virtual interns performing supervised, economically useful tasks.",
      "weight": 0.5,
      "strength": "moderate",
      "confidence": null,
      "source_url": null,
      "adjusted_llr": -0.5968690371801688,
      "expected_date": "2026-06-26",
      "measurement_criterion": null
    }
  ],
  "evidence_kind": "metadata_milestone_miss_sweep",
  "inside_source": "history_v2",
  "inside_weight": 0.3,
  "outside_weight": 0.7,
  "posterior_prob": 0.27457524616236745,
  "posterior_logit": -0.9715320064682228,
  "predictor_brier": 0.04061,
  "inside_posterior": 0.27457524616236745,
  "blended_posterior": 0.27457524616236745,
  "reference_class_id": null,
  "total_adjusted_llr": -0.5968690371801688,
  "predictor_n_resolved": 13
}
LBP2026-05-10T02:00:02Z40.7%-1.2pp
Network propagation: 41.9% → 40.7%
6-iter LBP, residual 0.00584 · damping 0.5, w_intrinsic 0.5 · method lbp_v3 · run e5c18d29
LBP2026-05-03T02:00:01Z41.9%-1.7pp
Network propagation: 43.7% → 41.9%
6-iter LBP, residual 0.00677 · damping 0.5, w_intrinsic 0.5 · method lbp_v3 · run 1a683ac9
LBP2026-04-30T16:39:51Z43.7%-2.3pp
Network propagation: 46.0% → 43.7%
5-iter LBP, residual 0.00825 · damping 0.5, w_intrinsic 0.5 · method lbp_v2 · run 0c8a4ea3
LBP2026-04-30T02:18:57Z46.0%-4.0pp
Network propagation: 50.0% → 46.0%
5-iter LBP, residual 0.00825 · damping 0.5, w_intrinsic 0.5 · method lbp_v1 · run 592311ef

Network propagation neighbors

Top edges sorted by latest LBP cross-impact
All propagation →

Top incoming (parents)

Edges that influence THIS node's belief

KindNodeTheir probP(c|s=T)P(c|s=F)Δ implied
killerTK03
AI Regulatory Moratorium (EU/US Capability Freeze)
10.0%0.0500.500+0.180
killerTK01
AGI Capability Plateau (2026-27 Training Stall)
15.0%0.0500.500+0.158
prereq238_009
Recursive self-improvement is already happening now (no longAlex Wissner-Gross
78.1%0.5000.050+0.123
prereq235_038
David Sinclair begins partial epigenetic reprogramming trialPeter Diamandis
74.0%0.5000.050+0.105
prereq232_014
Recursive self-improvement is already here, not 12 months awAlex Wissner-Gross
70.2%0.5000.050+0.092

Top outgoing (children)

Predictions THIS node influences

KindNodeTheir probP(c|s=T)P(c|s=F)Δ implied
prereq239_001
Global economy will be 10x its current size in 10 yearsElon Musk
37.7%0.6000.050-0.148
prereq241_043
ASI will arrive within 2 years to 5 years to this next decadPeter Diamandis
14.1%0.6500.050+0.104
prereqCMQ_003
By 2030, AI models will surpass peak human expert levels acrSam Altman
22.8%0.3500.050-0.080
prereqSEM_034
True artificial general intelligence will be achieved betweeDemis Hassabis
28.7%0.5500.050-0.074
prereq235_030
Ray Kurzweil predicts Longevity Escape Velocity (LEV) by 203Ray Kurzweil
24.4%0.7500.050+0.034

Ticker exposure

21 ticker(s) linked

Beneficiaries (14)

SOUNNVDAGTLBAIBBAITCEHYAMZNBABAGOOGLIBMMETAMSFTORCLSHOP

Adverse (7)

ACNCTSHFRSHCHGGIBMINFYPEGA

Prerequisites (7)

Predictions that must hit first
TypePredTitleDomainLag
prereq248_040Pausing AI will fail and only accelerate race dynamics.AI
prereq238_009Recursive self-improvement is already happening now (no longer three years out)AI
prereq235_038David Sinclair begins partial epigenetic reprogramming trials with Life Biosciences in March 2026.Biotech/Longevity
prereq232_014Recursive self-improvement is already here, not 12 months away.AI
prereqCMQ_001By 2026, AI will reach 'intern-level' capability — millions of virtual interns performing supervised, economically useful tasks.AI
killerTK01AGI Capability Plateau (2026-27 Training Stall)
killerTK03AI Regulatory Moratorium (EU/US Capability Freeze)

Dependents (6)

Predictions enabled by this
TypePredTitleDomainLag
prereq235_030Ray Kurzweil predicts Longevity Escape Velocity (LEV) by 2033.Biotech/Longevity
prereq241_043ASI will arrive within 2 years to 5 years to this next decadeAI
prereq239_001Global economy will be 10x its current size in 10 yearsMacro/Economy
prereqSEM_034True artificial general intelligence will be achieved between 2032 and 2042 — 'first we solve AI, then use AI to solve everything else'.AI/AGI
prereq232_040Nick Bostrom: AI can and should be paused but only once we're on the verge of super intelligence.AI
prereqCMQ_003By 2030, AI models will surpass peak human expert levels across virtually all cognitive domains — onset of true superintelligence.AI

Linked documents (10)

Auto-generated by cosine similarity from Polymarket / Manifold / EDGAR / GDELT
SimSourceTitleMarket probPolarityReviewedPublished
0.583fdaFDA ANDA210671: MULTIPLE VITAMINS INJECTION PEDIATRIC (ASCORBIC ACID) — APOTEXmentionspending2026-04-21
0.569fdaFDA ANDA210456: MULTIPLE VITAMINS INJECTION PEDIATRIC (PHARMACY BULK PACKAGE) (ASCORBIC ACID) — APOTEXmentionspending2026-04-21
0.564fdaFDA NDA021909: CHILDREN'S ALLEGRA HIVES (FEXOFENADINE HYDROCHLORIDE) — CHATTEM SANOFImentionspending2026-06-04
0.545fdaFDA ANDA217758: AMMONIUM LACTATE (AMMONIUM LACTATE) — ZYDUS LIFESCIENCESmentionspending2026-05-15
0.537fdaFDA NDA020944: CHILDREN'S ADVIL (IBUPROFEN) — HALEON US HOLDINGSmentionspending2026-05-01
0.536fdaFDA NDA019835: ZYRTEC HIVES (CETIRIZINE HYDROCHLORIDE) — KENVUE BRANDSmentionspending2026-06-11
0.524fdaFDA ANDA218651: FLUORESCEIN SODIUM (FLUORESCEIN SODIUM) — ZYDUS LIFESCIENCESmentionspending2026-06-01
0.514fdaFDA ANDA203849: MORPHINE SULFATE (MORPHINE SULFATE) — ACTAVIS ELIZABETHmentionspending2026-06-18
0.502fdaFDA ANDA079040: MORPHINE SULFATE (MORPHINE SULFATE) — ACTAVIS ELIZABETHmentionspending2026-06-18
0.499fdaFDA ANDA219409: ALBUTEROL SULFATE (ALBUTEROL SULFATE) — CIPLAmentionspending2026-04-22

Raw metadata

From Thesis_Timeline_v1.0_FINAL workbook
{
  "nia": false,
  "url": "https://www.youtube.com/watch?v=qP73cGLQmCU",
  "mode": "FORECAST",
  "role": "Host",
  "context": "And I I think it's a dangerous world out there for these baby AGIs. I I think it it's a minor travesty at minimum that that they're subject without really an immune system. They're being forced to develop an immune system in real time to injection attacks.",
  "to_year": 2028,
  "verbatim": "I I think it's a dangerous world out there for these baby AGIs. I I think it it's a minor travesty at minimum that that they're subject without really an immune system. They're being forced to develop an immune system in real time to injection attacks.",
  "conv_cues": "are being forced",
  "direction": "HAPPEN",
  "from_year": 2026,
  "timeframe": "near-term/ongoing",
  "conv_level": "HIGH",
  "milestones": [
    {
      "kind": "llm_pre_event",
      "label": "OWASP ranks prompt injection #1 LLM security risk (LLM01)",
      "notes": "HIT — Prompt injection ranked #1 LLM security risk (LLM01) by OWASP.",
      "source": "https://owasp.org/www-community/attacks/PromptInjection",
      "status": "hit",
      "weight": 0.4,
      "ordinal": -11,
      "source_id": null,
      "confidence": 0.99,
      "source_url": "https://owasp.org/www-community/attacks/PromptInjection",
      "expected_date": "2025-12-31",
      "observed_date": "2025-12-31",
      "hit_emitted_at": "2026-06-08T13:04:02.341521+00:00",
      "research_origin": "deep_research",
      "measurement_criterion": "OWASP Top 10 for LLM Applications ranks prompt injection as highest-priority risk (LLM01) in 2025 or 2026 release"
    },
    {
      "kind": "llm_pre_event",
      "label": "Critical CVE published for prompt injection in production AI agent",
      "notes": "HIT — Cursor IDE CVSS 9.8, GitHub Copilot CVSS 9.6, Microsoft Copilot CVSS 9.3 published as critical prompt-injection CVEs.",
      "source": "https://dev.to/cyberpath/prompt-injection-attacks-the-top-ai-threat-in-2026-and-how-to-defend-against-it-an0",
      "status": "hit",
      "weight": 0.4,
      "ordinal": -10,
      "source_id": null,
      "confidence": 0.99,
      "source_url": "https://dev.to/cyberpath/prompt-injection-attacks-the-top-ai-threat-in-2026-and-how-to-defend-against-it-an0",
      "expected_date": "2026-03-31",
      "observed_date": "2026-03-01",
      "hit_emitted_at": "2026-06-08T13:04:02.341521+00:00",
      "research_origin": "deep_research",
      "measurement_criterion": "Public CVE published with CVSS >=9.0 for prompt injection vulnerability in major AI agent (Microsoft Copilot, GitHub Copilot, Cursor, or equivalent)"
    },
    {
      "kind": "llm_pre_event",
      "label": "Cisco State of AI Security report: 83% deploying agentic AI but only 29% ready securely",
      "notes": "HIT — Cisco State of AI Security 2026 reports 83% deploying agentic AI vs 29% ready.",
      "source": "https://sombrainc.com/blog/llm-security-risks-2026",
      "status": "hit",
      "weight": 0.4,
      "ordinal": -9,
      "source_id": null,
      "confidence": 0.95,
      "source_url": "https://sombrainc.com/blog/llm-security-risks-2026",
      "expected_date": "2026-03-31",
      "observed_date": "2026-03-01",
      "hit_emitted_at": "2026-06-08T13:04:02.341521+00:00",
      "research_origin": "deep_research",
      "measurement_criterion": "Cisco or peer (NIST, Mandiant, CrowdStrike) annual AI security report publishes finding that majority of orgs deploying agentic AI lack mature security defenses"
    },
    {
      "kind": "prereq",
      "label": "Recursive self-improvement is already happening now (no longer three years out)",
      "status": "hit",
      "weight": 0.5,
      "ordinal": -8,
      "source_id": "238_009",
      "expected_date": "2026-04-29",
      "observed_date": "2026-04-29",
      "hit_emitted_at": "2026-06-08T13:04:02.341521+00:00"
    },
    {
      "kind": "prereq",
      "label": "David Sinclair begins partial epigenetic reprogramming trials with
... (truncated)