Agentic AI and Security
Martin Fowler,
martinfowler.com,
Oct 28, 2025
This isn't really an internet security newsletter so I leave the reporting to others, but this article is a quick read and nicely summarizes and illustrates Simon Willison's trifecta of security risks for agentic AI: access to sensitive data, ability to communicate externally, and exposure to untrusted content. Imagine, for example, that you allowed your email reader to execute commands on your bank account. The responses are about what you would expect: minimize access to sensitive data, block the ability to communicate externally, and limit access to untrusted content. How to do this? It's a good idea to run the application in a container with limited access to data. And make sure a human is checking on key transactions.
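As an added illustration (not code from Fowler's article or from this newsletter), the sketch below shows one way to enforce the mitigations described above: a per-session gate that refuses any tool call that would give the agent all three legs of the trifecta at once, and that routes key transactions to a human approver. The tool names, their capability labels and the `approve` callback are hypothetical assumptions.

```python
from dataclasses import dataclass, field

SENSITIVE, EXTERNAL, UNTRUSTED = "sensitive_data", "external_comms", "untrusted_content"
TRIFECTA = frozenset({SENSITIVE, EXTERNAL, UNTRUSTED})

# Hypothetical tool catalogue: tool name -> trifecta legs the tool exposes a session to.
TOOLS = {
    "read_inbox": {UNTRUSTED},            # mail bodies are attacker-controlled text
    "read_bank_statement": {SENSITIVE},
    "send_email": {EXTERNAL},
    "summarize": set(),
    "transfer_funds": {SENSITIVE, EXTERNAL},
}
KEY_TRANSACTIONS = {"transfer_funds"}     # always need a human decision


@dataclass
class Session:
    legs: set = field(default_factory=set)   # legs this session has already touched
    log: list = field(default_factory=list)  # audit trail of (tool, decision)

    def request(self, tool, approve=lambda tool: False):
        """Decide one tool call; `approve` stands in for the human check."""
        if tool not in TOOLS:
            decision = "deny"                 # default-deny unknown tools
        elif TRIFECTA <= self.legs | TOOLS[tool]:
            decision = "deny"                 # call would complete the trifecta
        elif tool in KEY_TRANSACTIONS and not approve(tool):
            decision = "deny"                 # no human sign-off
        else:
            decision = "allow"
        if decision == "allow":
            self.legs |= TOOLS[tool]          # legs persist for the whole session
        self.log.append((tool, decision))
        return decision


def demo():
    """Constructed scenario: the email reader that also touches the bank account."""
    s = Session()
    return [s.request(t) for t in ("read_inbox", "read_bank_statement", "send_email")]


if __name__ == "__main__":
    print(demo())
```

Because the legs accumulate per session, the order of calls does not matter: whichever call would supply the third leg is the one refused.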

