undefined | Better HN

0 pointsandai1mo ago0 comments

It can already exfiltrate stuff in a VM though right? Like people will run this thing in a sandboxed environment in docker in a VM but then hook it up to GMail and also feed it random web content (web search tool, Twitter integration etc.).

I saw at least some interest in a better security model where for example instead of giving it the API keys, there's a broker that rewrites the curl requests and injects keys so the agent doesn't see them.

I'm not sure what that looks like for your emails or web content though, since using placeholders there would defeat the purpose.

0 comments

zahlman1mo ago

> a broker that rewrites the curl requests and injects keys so the agent doesn't see them.

This seems like the right way to do it, but you still have to worry about what information the agent wants to send out. Especially if it could get prompt-injected. Email sounds to me like a complete no-go.

j / k navigate · click thread line to collapse

0 pointsandai1mo ago0 comments

I'm not sure what that looks like for your emails or web content though, since using placeholders there would defeat the purpose.

0 comments

zahlman1mo ago

> a broker that rewrites the curl requests and injects keys so the agent doesn't see them.

j / k navigate · click thread line to collapse