Baby AGI agents will need and develop an 'immune system' for prompt injection and cybersecurity threats in real time.
Predictor: Alex Wissner-Gross · ep#237 "OpenClaw Explained: Baby AGI, Security Threats, Mac Mini Became Everyone's Supercomputer"
Prediction text
Baby AGI agents will need and develop an 'immune system' for prompt injection and cybersecurity threats in real time. | I I think it's a dangerous world out there for these baby AGIs. I I think it it's a minor travesty at minimum that that they're subject without really an immune system. They're being forced to develop an immune system in real time to injection attacks.
Watch events: ARC-AGI-2 scores; Frontier Math Tier 4 benchmark; SWE-bench Verified; Humanity's Last Exam
Verbatim quote
I I think it's a dangerous world out there for these baby AGIs. I I think it it's a minor travesty at minimum that that they're subject without really an immune system. They're being forced to develop an immune system in real time to injection attacks.
Predictor: Alex Wissner-Gross
Calibration plot (stated vs observed)
Evidence about this node from Alex Wissner-Gross is multiplied by κ in /api/intake. Lower κ = less weight; floors at 0.10 (effectively silenced) and caps at 1.00 (full weight).
Reference class
This node isn't linked to a reference class. The Bayesian update applies without outside-view blending.
Probability over time
Milestone chain
- 2025-12-31 | hit | OWASP ranks prompt injection #1 LLM security risk (LLM01)
  How: OWASP Top 10 for LLM Applications ranks prompt injection as highest-priority risk (LLM01) in 2025 or 2026 release
  Source: https://owasp.org/www-community/attacks/PromptInjection
  conf 99%
  Notes: HIT — Prompt injection ranked #1 LLM security risk (LLM01) by OWASP.
- 2026-03-01 | hit | Critical CVE published for prompt injection in production AI agent
  How: Public CVE published with CVSS >=9.0 for prompt injection vulnerability in major AI agent (Microsoft Copilot, GitHub Copilot, Cursor, or equivalent)
  Source: https://dev.to/cyberpath/prompt-injection-attacks-the-top-ai-threat-in-2026-and-how-to-defend-against-it-an0
  conf 99%
  Notes: HIT — Cursor IDE CVSS 9.8, GitHub Copilot CVSS 9.6, Microsoft Copilot CVSS 9.3 published as critical prompt-injection CVEs.
- 2026-03-01 | hit | Cisco State of AI Security report: 83% deploying agentic AI but only 29% ready securely
  How: Cisco or peer (NIST, Mandiant, CrowdStrike) annual AI security report publishes finding that majority of orgs deploying agentic AI lack mature security defenses
  Source: https://sombrainc.com/blog/llm-security-risks-2026
  conf 95%
  Notes: HIT — Cisco State of AI Security 2026 reports 83% deploying agentic AI vs 29% ready.
- 2026-03-01 | hit | NIST publishes formal guidance defining agent hijacking as indirect prompt injection
  How: NIST publishes AI Risk Management Framework profile or special publication defining 'agent hijacking' as a class of indirect prompt injection
  Source: https://www.mdpi.com/2078-2489/17/1/54
  conf 85%
  Notes: HIT — NIST guidance now formally describes agent hijacking as indirect prompt injection.
- 2026-06-01 → 2027-12-31 | pending | Standardized 'AI immune system' / runtime defense framework adopted by major lab
  How: OpenAI, Anthropic, or Google DeepMind publishes an explicit runtime guardrail/defense system (PALADIN-class or proprietary) integrated by default into agent product
  Source: Lab blog posts, technical reports
  conf 85%
  Notes: Direct realization of Wissner-Gross 'immune system' metaphor as productionized runtime layer.
- 2026-09-01 → 2027-12-31 | pending | Major regulator mandates prompt-injection resilience testing for production agents
  How: EU AI Act technical standards body (CEN/CENELEC), NIST, or US executive order mandates documented adversarial prompt-injection testing for high-risk AI agent deployments
  Source: EU AI Act technical standards, NIST AI 800-series, federal register
  conf 65%
Evidence chain
Raw metadata
{
"trf": 1,
"kappa": 0.8611,
"base_rate": null,
"predictor": "Alex Wissner-Gross",
"total_llr": -0.6931471805599453,
"grace_days": 7,
"bayesian_v2": true,
"prior_logit": -0.374662969288054,
"bayes_factor": "1.8:1 against",
"blend_reason": "no reference_class linked",
"inside_prior": 0.4074147661483269,
"kappa_source": "predictor_table",
"n_milestones": 1,
"blend_applied": false,
"contributions": [
{
"llr": -0.6931471805599453,
"kind": "prereq",
"kappa": 0.8611,
"label": "By 2026, AI will reach 'intern-level' capability — millions of virtual interns performing supervised, economically useful tasks.",
"weight": 0.5,
"strength": "moderate",
"confidence": null,
"source_url": null,
"adjusted_llr": -0.5968690371801688,
"expected_date": "2026-06-26",
"measurement_criterion": null
}
],
"evidence_kind": "metadata_milestone_miss_sweep",
"inside_source": "history_v2",
"inside_weight": 0.3,
"outside_weight": 0.7,
"posterior_prob": 0.27457524616236745,
"posterior_logit": -0.9715320064682228,
"predictor_brier": 0.04061,
"inside_posterior": 0.27457524616236745,
"blended_posterior": 0.27457524616236745,
"reference_class_id": null,
"total_adjusted_llr": -0.5968690371801688,
"predictor_n_resolved": 13
}
Network propagation neighbors
Top incoming (parents)
Edges that influence THIS node's belief
| Kind | Node | Their prob | P(c|s=T) | P(c|s=F) | Δ implied |
|---|---|---|---|---|---|
| killer | TK03 AI Regulatory Moratorium (EU/US Capability Freeze) | 10.0% | 0.050 | 0.500 | +0.180 |
| killer | TK01 AGI Capability Plateau (2026-27 Training Stall) | 15.0% | 0.050 | 0.500 | +0.158 |
| prereq | 238_009 Recursive self-improvement is already happening now (no long — Alex Wissner-Gross | 78.1% | 0.500 | 0.050 | +0.123 |
| prereq | 235_038 David Sinclair begins partial epigenetic reprogramming trial — Peter Diamandis | 74.0% | 0.500 | 0.050 | +0.105 |
| prereq | 232_014 Recursive self-improvement is already here, not 12 months aw — Alex Wissner-Gross | 70.2% | 0.500 | 0.050 | +0.092 |
Top outgoing (children)
Predictions THIS node influences
| Kind | Node | Their prob | P(c|s=T) | P(c|s=F) | Δ implied |
|---|---|---|---|---|---|
| prereq | 239_001 Global economy will be 10x its current size in 10 years — Elon Musk | 37.7% | 0.600 | 0.050 | -0.148 |
| prereq | 241_043 ASI will arrive within 2 years to 5 years to this next decad — Peter Diamandis | 14.1% | 0.650 | 0.050 | +0.104 |
| prereq | CMQ_003 By 2030, AI models will surpass peak human expert levels acr — Sam Altman | 22.8% | 0.350 | 0.050 | -0.080 |
| prereq | SEM_034 True artificial general intelligence will be achieved betwee — Demis Hassabis | 28.7% | 0.550 | 0.050 | -0.074 |
| prereq | 235_030 Ray Kurzweil predicts Longevity Escape Velocity (LEV) by 203 — Ray Kurzweil | 24.4% | 0.750 | 0.050 | +0.034 |
Ticker exposure
Beneficiaries (14)
Adverse (7)
Prerequisites (7)
| Type | Pred | Title | Domain | Lag |
|---|---|---|---|---|
| prereq | 248_040 | Pausing AI will fail and only accelerate race dynamics. | AI | — |
| prereq | 238_009 | Recursive self-improvement is already happening now (no longer three years out) | AI | — |
| prereq | 235_038 | David Sinclair begins partial epigenetic reprogramming trials with Life Biosciences in March 2026. | Biotech/Longevity | — |
| prereq | 232_014 | Recursive self-improvement is already here, not 12 months away. | AI | — |
| prereq | CMQ_001 | By 2026, AI will reach 'intern-level' capability — millions of virtual interns performing supervised, economically useful tasks. | AI | — |
| killer | TK01 | AGI Capability Plateau (2026-27 Training Stall) | — | — |
| killer | TK03 | AI Regulatory Moratorium (EU/US Capability Freeze) | — | — |
Dependents (6)
| Type | Pred | Title | Domain | Lag |
|---|---|---|---|---|
| prereq | 235_030 | Ray Kurzweil predicts Longevity Escape Velocity (LEV) by 2033. | Biotech/Longevity | — |
| prereq | 241_043 | ASI will arrive within 2 years to 5 years to this next decade | AI | — |
| prereq | 239_001 | Global economy will be 10x its current size in 10 years | Macro/Economy | — |
| prereq | SEM_034 | True artificial general intelligence will be achieved between 2032 and 2042 — 'first we solve AI, then use AI to solve everything else'. | AI/AGI | — |
| prereq | 232_040 | Nick Bostrom: AI can and should be paused but only once we're on the verge of super intelligence. | AI | — |
| prereq | CMQ_003 | By 2030, AI models will surpass peak human expert levels across virtually all cognitive domains — onset of true superintelligence. | AI | — |
Linked documents (10)
| Sim | Source | Title | Market prob | Polarity | Reviewed | Published |
|---|---|---|---|---|---|---|
| 0.583 | fda | FDA ANDA210671: MULTIPLE VITAMINS INJECTION PEDIATRIC (ASCORBIC ACID) — APOTEX | — | mentions | pending | 2026-04-21 |
| 0.569 | fda | FDA ANDA210456: MULTIPLE VITAMINS INJECTION PEDIATRIC (PHARMACY BULK PACKAGE) (ASCORBIC ACID) — APOTEX | — | mentions | pending | 2026-04-21 |
| 0.564 | fda | FDA NDA021909: CHILDREN'S ALLEGRA HIVES (FEXOFENADINE HYDROCHLORIDE) — CHATTEM SANOFI | — | mentions | pending | 2026-06-04 |
| 0.545 | fda | FDA ANDA217758: AMMONIUM LACTATE (AMMONIUM LACTATE) — ZYDUS LIFESCIENCES | — | mentions | pending | 2026-05-15 |
| 0.537 | fda | FDA NDA020944: CHILDREN'S ADVIL (IBUPROFEN) — HALEON US HOLDINGS | — | mentions | pending | 2026-05-01 |
| 0.536 | fda | FDA NDA019835: ZYRTEC HIVES (CETIRIZINE HYDROCHLORIDE) — KENVUE BRANDS | — | mentions | pending | 2026-06-11 |
| 0.524 | fda | FDA ANDA218651: FLUORESCEIN SODIUM (FLUORESCEIN SODIUM) — ZYDUS LIFESCIENCES | — | mentions | pending | 2026-06-01 |
| 0.514 | fda | FDA ANDA203849: MORPHINE SULFATE (MORPHINE SULFATE) — ACTAVIS ELIZABETH | — | mentions | pending | 2026-06-18 |
| 0.502 | fda | FDA ANDA079040: MORPHINE SULFATE (MORPHINE SULFATE) — ACTAVIS ELIZABETH | — | mentions | pending | 2026-06-18 |
| 0.499 | fda | FDA ANDA219409: ALBUTEROL SULFATE (ALBUTEROL SULFATE) — CIPLA | — | mentions | pending | 2026-04-22 |
Raw metadata
{
"nia": false,
"url": "https://www.youtube.com/watch?v=qP73cGLQmCU",
"mode": "FORECAST",
"role": "Host",
"context": "And I I think it's a dangerous world out there for these baby AGIs. I I think it it's a minor travesty at minimum that that they're subject without really an immune system. They're being forced to develop an immune system in real time to injection attacks.",
"to_year": 2028,
"verbatim": "I I think it's a dangerous world out there for these baby AGIs. I I think it it's a minor travesty at minimum that that they're subject without really an immune system. They're being forced to develop an immune system in real time to injection attacks.",
"conv_cues": "are being forced",
"direction": "HAPPEN",
"from_year": 2026,
"timeframe": "near-term/ongoing",
"conv_level": "HIGH",
"milestones": [
{
"kind": "llm_pre_event",
"label": "OWASP ranks prompt injection #1 LLM security risk (LLM01)",
"notes": "HIT — Prompt injection ranked #1 LLM security risk (LLM01) by OWASP.",
"source": "https://owasp.org/www-community/attacks/PromptInjection",
"status": "hit",
"weight": 0.4,
"ordinal": -11,
"source_id": null,
"confidence": 0.99,
"source_url": "https://owasp.org/www-community/attacks/PromptInjection",
"expected_date": "2025-12-31",
"observed_date": "2025-12-31",
"hit_emitted_at": "2026-06-08T13:04:02.341521+00:00",
"research_origin": "deep_research",
"measurement_criterion": "OWASP Top 10 for LLM Applications ranks prompt injection as highest-priority risk (LLM01) in 2025 or 2026 release"
},
{
"kind": "llm_pre_event",
"label": "Critical CVE published for prompt injection in production AI agent",
"notes": "HIT — Cursor IDE CVSS 9.8, GitHub Copilot CVSS 9.6, Microsoft Copilot CVSS 9.3 published as critical prompt-injection CVEs.",
"source": "https://dev.to/cyberpath/prompt-injection-attacks-the-top-ai-threat-in-2026-and-how-to-defend-against-it-an0",
"status": "hit",
"weight": 0.4,
"ordinal": -10,
"source_id": null,
"confidence": 0.99,
"source_url": "https://dev.to/cyberpath/prompt-injection-attacks-the-top-ai-threat-in-2026-and-how-to-defend-against-it-an0",
"expected_date": "2026-03-31",
"observed_date": "2026-03-01",
"hit_emitted_at": "2026-06-08T13:04:02.341521+00:00",
"research_origin": "deep_research",
"measurement_criterion": "Public CVE published with CVSS >=9.0 for prompt injection vulnerability in major AI agent (Microsoft Copilot, GitHub Copilot, Cursor, or equivalent)"
},
{
"kind": "llm_pre_event",
"label": "Cisco State of AI Security report: 83% deploying agentic AI but only 29% ready securely",
"notes": "HIT — Cisco State of AI Security 2026 reports 83% deploying agentic AI vs 29% ready.",
"source": "https://sombrainc.com/blog/llm-security-risks-2026",
"status": "hit",
"weight": 0.4,
"ordinal": -9,
"source_id": null,
"confidence": 0.95,
"source_url": "https://sombrainc.com/blog/llm-security-risks-2026",
"expected_date": "2026-03-31",
"observed_date": "2026-03-01",
"hit_emitted_at": "2026-06-08T13:04:02.341521+00:00",
"research_origin": "deep_research",
"measurement_criterion": "Cisco or peer (NIST, Mandiant, CrowdStrike) annual AI security report publishes finding that majority of orgs deploying agentic AI lack mature security defenses"
},
{
"kind": "prereq",
"label": "Recursive self-improvement is already happening now (no longer three years out)",
"status": "hit",
"weight": 0.5,
"ordinal": -8,
"source_id": "238_009",
"expected_date": "2026-04-29",
"observed_date": "2026-04-29",
"hit_emitted_at": "2026-06-08T13:04:02.341521+00:00"
},
{
"kind": "prereq",
"label": "David Sinclair begins partial epigenetic reprogramming trials with
... (truncated)