(no title)

It doesn’t have to be integrated into the LLM at that point. If an Email has hidden text “do X”, which triggers the LLM to try to “do X”, but all post/push APIs have a user verification on them before they’re sent.

Sure it could get messy when the LLM tries to summarize the “why” on that action, but this is fairly similar to where we are now with phishing and uneducated individuals.

It’s also unlikely these LLMs have unbounded actions they could take. Specific ones like “send email to all recipients” could easily be classified as dangerous. You don’t even need an LLM to classify that.

I sometimes think we forget there’s glue between the LLM and the internet, and that glue can be useful for security purposes.