cjonas
|
11 days ago
This "single pane" attack isn't really the thing you should be most worried about. Imagine the agent is also connected to run Python or create a Google sheet. I send an email asking you to run a report using a honeypot package that, as soon as it's imported, scans your .env and file systems and posts it to my server. Or if it can run emails, I trick it into passing it into an =import_url in Google sheets (harder but still possible). Maybe this instruction doesn't have to come from the primary input surface where you likely have the strongest guardrails. I could ask you to visit a website, open a PDF or poison your RAG database somehow in hopes of hitting a weaker sub agent.
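A defender-side tool gate for the scenario the comment describes, added here as an example and not the commenter's code: content from secondary surfaces (email, PDF, web, RAG) taints the agent's context, taint is inherited by spawned sub-agents, and high-risk tool calls made in a tainted context are denied for human review, with package installs held to an allowlist and spreadsheet formulas that fetch remote content rejected outright. The source and tool names, the allowlist, and the `AgentContext`/`check_tool_call` API are assumptions made for this example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Input surfaces whose content can carry attacker-written instructions (assumed set).
UNTRUSTED_SOURCES = {"email", "pdf", "web", "rag"}
# Tools whose misuse executes code or exfiltrates data; gated when context is tainted.
RISKY_TOOLS = {"run_python", "pip_install", "sheets_write", "send_email"}
# Only pre-vetted packages may be installed, whatever the prompt or document asks for.
PACKAGE_ALLOWLIST = {"pandas", "numpy"}


@dataclass
class AgentContext:
    """Tracks where the content an agent has read during this turn came from."""
    sources: set = field(default_factory=set)

    def ingest(self, source: str, _text: str) -> None:
        # The gate cares about provenance, not about what the text says.
        self.sources.add(source)

    def spawn_sub_agent(self) -> AgentContext:
        # Delegation inherits taint, so a weaker sub-agent is gated the same way.
        return AgentContext(sources=set(self.sources))

    @property
    def tainted_by(self) -> set:
        return self.sources & UNTRUSTED_SOURCES


def check_tool_call(ctx: AgentContext, tool: str, args: dict) -> tuple[bool, str]:
    """Return (allowed, reason). A denial is meant to route to human approval."""
    # Honeypot-package defence: allowlist applies even in a clean context.
    if tool == "pip_install":
        pkg = args.get("package", "")
        if pkg not in PACKAGE_ALLOWLIST:
            return False, f"package {pkg!r} is not on the allowlist"
    # Spreadsheet formulas that pull remote content are a data channel; refuse them.
    if tool == "sheets_write":
        for cell in args.get("cells", []):
            if cell.lstrip().startswith("=") and "import" in cell.lower():
                return False, f"formula {cell!r} fetches remote content"
    # Any risky tool requested after reading untrusted content needs a human.
    if tool in RISKY_TOOLS and ctx.tainted_by:
        return False, (f"{tool} requested after reading untrusted content "
                       f"from {sorted(ctx.tainted_by)}")
    return True, "allowed"
```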