Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Mitigations also need to happen on the client side.

If you have a AI that automatically can invoke tools, you need to assume the worst can happen and add a human in the loop if it is above your risk appetite.

It's wild how many AI tools just blindly invoke tools by default or have no human in loop feature at all.



Or give them access to appropriately permissioned tools and not superuser/admin/service accounts that can access everything


It's often missed that tools that only read information are perfect for data exfiltration (no need for any more permissions).

So if you add a Jira tool and a web browser tool together (unauthenticated GET only), then the AI can send all your Jira data to the Internet.

Even big players get this design wrong quite often.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: