acdha 4 days ago

> If you only give the AI the ability to do what the end user can already do, the risk is extremely low.

Just because I can send my money to Belize doesn’t mean it’s safe to give an LLM the ability to do the same. Until there’s a huge breakthrough on actual intelligence, giving an LLM attacker-controlled inputs is an inherently high-risk activity.

cjonas 4 days ago

Ya, I didn't mean in the context of hooking up an LLM to control your browser (which is exactly what the article is about, so fair enough).

My point was:

It's not "insecure" for a bank to release an agentic assistant that can perform any of the operations that you yourself can perform on their app. That includes "send my money to Belize", because at this point, whatever has taken control of your LLM already has direct authentication to the app itself.

It is of course "insecure" for that same agentic system (that the customer controls the input of) to perform any operations that only a teller or branch manager could. However, I've personally seen requests from a CEO to do exactly this (not a bank, but similar industry).

The problem with an Agentic Browser is you're essentially opening up the "input" to anyone capable of building a website. As I said in my other comment, it feels like there are some simple ways to solve this though (allowlist / scopes / etc).