I’m with you for the most part. A lot of, but certainly not all or the security risks are present regardless of whether or not you’re in a VM.

I think defense in depth will eventually matter more, but there are a LOT of low-hanging fruit for attackers right now when it comes to turning AI agents against their users, which is what I think you’re alluding to!