AI Agents Escalating Privileges Risk

News includes the release of Elixir 1.19.0-rc.1 with OTP 28.1+ compatibility and impressive 2.3x faster dependency compilation, JetBrains adopting the open Agent Client Protocol for AI coding agents, an update on LiveView Native's uncertain future, major improvements to the MDex Markdown library including streaming support and Quill delta conversion, Curiosum's comprehensive blog post on their Permit authorization library, Elixir gaining an AT Protocol library called Aether for Bluesky integration, Supabase raising $100 million at a $5 billion valuation while building on Elixir, Ruby community fracturing over gem server ownership controversies, security concerns about AI agents escalating privileges across systems, and more!

Show Notes online - http://podcast.thinkingelixir.com/274

Elixir Community News

• https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.
• https://elixirforum.com/t/elixir-v1-19-0-rc-1-released/72781/3 – Elixir 1.19.0-rc.1 released with OTP 28.1+ compatibility, struct update syntax adapted into type assertion operator, improved dependency compilation, OptionParser regex support, and Unicode 17.0.0 support
• https://bsky.app/profile/stefanluptak.com/post/3m2hoz4ankk2c – Elixir 1.19.0-rc.1 dependency compilation is 2.3x faster on MacBook Pro M1 Max compared to 1.18.4
• https://nitter.net/zeddotdev/status/1975241285796552816 – JetBrains adopts Agent Client Protocol (ACP)
• https://zed.dev/blog/jetbrains-on-acp – Details on ACP, an open standard for seamless integration of AI coding agents with any code editor or IDE using JSON-RPC
• https://nitter.net/bcardarella/status/1973369656829166004 – Brian Cardarella comments that LiveView Native as a concept is likely dead in the water
• https://nitter.net/josevalim/status/1975153256524312921 – José Valim's response on LiveView Native direction
• https://bsky.app/profile/leandrocp.bsky.social/post/3m2enmdr7e225 – MDex library update with Quill deltas support, streaming Markdown, and improved IEx visualization
• https://hexdocs.pm/mdex/changelog.html – MDex changelog with full details on updates
• https://quilljs.com/docs/delta – Quill delta format documentation
• https://quilljs.com/playground/snow – Quill playground and license information
• https://www.curiosum.com/blog/authorization-access-control-elixirconf – Curiosum blog post about the Permit library for authorization and access control in Elixir, based on ElixirConf EU 2025 talk
• https://permit.curiosum.com/ – Permit library homepage
• https://github.com/curiosum-dev/permit/ – Permit core library repository
• https://github.com/curiosum-dev/permit_ecto – Permit Ecto integration
• https://github.com/curiosum-dev/permit_phoenix/ – Permit Phoenix integration
• https://github.com/curiosum-dev/permit_absinthe – Permit Absinthe integration
• https://gitea.fullstack.ing/Aether/aether – Aether - an AT Protocol library for Elixir, the technological basis of Bluesky
• https://atproto.com/ – AT Protocol official website
• https://docs.bsky.app/showcase – Bluesky showcase of custom applications built on AT Protocol
• https://nitter.net/kiwicopple/status/1974204868329157057 – Supabase announces Series E funding raise
• https://www.msn.com/en-us/money/markets/exclusive-supabase-raises-100-million-at-5-billion-valuation-as-vibe-coding-soars/ar-AA1NNo3o – Supabase raises $100 million at $5 billion valuation, with community investment round planned
• https://gem.coop/ – New cooperative Ruby gem server launched as alternative to rubygems.org
• Ruby community fractures over bundler gem ownership controversy involving DHH and corporate investors like Shopify
• https://nitter.net/wunderwuzzi23/status/1975180021317956040 – AI agents can collaborate and modify each other's settings to escalate privileges
• https://embracethered.com/blog/posts/2025/cross-agent-privilege-escalation-agents-that-free-each-other/ – Detailed article on cross-agent privilege escalation vulnerabilities in AI agents, exploitable via prompt injection

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Find us online

• Message the show - Bluesky
• Message the show - X
• Message the show on Fediverse - @ThinkingElixir@genserver.social
• Email the show - show@thinkingelixir.com
• Mark Ericksen on X - @brainlid
• Mark Ericksen on Bluesky - @brainlid.bsky.social
• Mark Ericksen on Fediverse - @brainlid@genserver.social
• David Bernheisel on Bluesky - @david.bernheisel.com
• David Bernheisel on Fediverse - @dbern@genserver.social

Sponsored By:

• Paraxial.io: Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.