The only solution I can imagine feeling good about is strong controls on all the outbound API calls made by these agentic apps. Don't spend more than $x; book a car rental at the same location as the flight's destination.
RAG controls with database-level permissions on reads work if you own the database, but when we are running against public APIs it's a different ballgame.
Am I alone here? What are people doing for this? What workarounds have you seen?
(Looking at this with a couple of hats on, btw.)
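One shape the "strong controls on all the outbound API calls" could take, as an added example that is not the poster's code: a policy gate the agent runtime calls before every tool call, enforcing a per-session spend cap and a cross-call rule that a car rental must be at a destination the session has already booked a flight to. The tool names, argument fields and the `Session` class are assumptions.

```python
"""Policy gate for outbound tool/API calls made by an agentic app.

Hypothetical example: the agent proposes calls, the gate decides; state is
committed only after every check passes, so a denied call changes nothing.
"""
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised when a proposed outbound call would break session policy."""


@dataclass
class Session:
    max_spend: float                      # budget for the whole task
    spent: float = 0.0
    destinations: set = field(default_factory=set)  # airports flown to


def approve_call(session: Session, tool: str, args: dict) -> dict:
    """Check one proposed call against policy; return args if allowed."""
    cost = float(args.get("price", 0.0))
    if cost < 0:                          # refuse "refund" tricks on the cap
        raise PolicyViolation("negative price")
    if session.spent + cost > session.max_spend:
        raise PolicyViolation(
            f"spend cap: {session.spent + cost:.2f} > {session.max_spend:.2f}")
    if tool == "book_car" and args.get("location") not in session.destinations:
        raise PolicyViolation(
            f"car rental at {args.get('location')!r} is not a flight destination")
    # all checks passed: commit side effects to session state
    session.spent += cost
    if tool == "book_flight":
        session.destinations.add(args["destination"])
    return args


def evaluate_plan(session: Session, calls: list) -> list:
    """Run a sequence of (tool, args) through the gate; return a verdict each."""
    verdicts = []
    for tool, args in calls:
        try:
            approve_call(session, tool, args)
            verdicts.append("ok")
        except PolicyViolation as exc:
            verdicts.append(f"denied: {exc}")
    return verdicts


if __name__ == "__main__":
    # constructed sample plan: flight to LIS, car in MAD (wrong city), car in LIS
    plan = [("book_flight", {"destination": "LIS", "price": 400}),
            ("book_car", {"location": "MAD", "price": 100}),
            ("book_car", {"location": "LIS", "price": 100}),
            ("book_hotel", {"price": 600})]
    print(evaluate_plan(Session(max_spend=1000), plan))
```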