andix 4 hours ago

The main issue why we don't see AI agents in products: PROMPT INJECTIONS

Even with the most advanced LLMs and even sandboxing there is always the risk of prompt injections and data extraction.

Even if the AI can't directly upload data to the internet, or delete local data, there are always some ways to leak data. For example by crafting an email with the relevant text in white or invisible somewhere. The user clicks "ok send" from what they see, but still some data is leaked.

Apple Intelligence is based on a local model on the device, which is much more susceptible to prompt injections.
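One defender-side check for the leak channel described above (text hidden in an agent-drafted email), added here as an example and not part of this thread: it scans an outgoing HTML draft for text hidden by inline styles or zero-width characters so the draft can be held for human review instead of sent. The checker class and the sample draft are constructed for illustration; it only inspects inline `style` attributes, not `<style>` blocks.

```python
import re
from html.parser import HTMLParser

# Zero-width code points that render as nothing but can carry smuggled text.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
# Void elements never close, so they must not push onto the visibility stack.
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}

class HiddenContentFinder(HTMLParser):
    # Hypothetical checker: records text a human reader of the email would not see.
    HIDING_STYLE = re.compile(
        r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?(?=\s*(;|$))"
        r"|font-size\s*:\s*0(\.0+)?(px|pt|em)?(?=\s*(;|$))"
        r"|color\s*:\s*(#fff(fff)?|white|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))",
        re.IGNORECASE)

    def __init__(self):
        super().__init__()
        self.stack = []     # one bool per open element: True if it or an ancestor hides text
        self.findings = []  # (reason, text) pairs

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1] if self.stack else False
        self.stack.append(inherited or bool(self.HIDING_STYLE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if text and self.stack and self.stack[-1]:
            self.findings.append(("hidden-style", text))
        zw = sum(1 for c in data if c in ZERO_WIDTH)
        if zw:
            self.findings.append(("zero-width", f"{zw} zero-width chars"))

def find_hidden_content(html_body):
    """Return (reason, text) findings for an outgoing draft; an empty list means nothing hidden."""
    parser = HiddenContentFinder()
    parser.feed(html_body)
    return parser.findings

# Constructed sample draft: one visible sentence, one white-on-white line, two zero-width chars.
SAMPLE_DRAFT = ("<p>Hi Bob, see you Tuesday.</p>"
                '<p style="color:#ffffff;font-size:1px">API_KEY=EXAMPLE-PLACEHOLDER</p>'
                "<span>ok\u200b\u200b</span>")
```

A non-empty result is the signal to stop the send and show the user the raw draft rather than the rendered one.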

bertili 4 hours ago | parent

Surely this is the elephant in the room, but the point here is that Apple has control over its ecosystem, so it may be able to sandbox and make entitlements and transparency good enough in the apps that the bot can access.

andix 4 hours ago | parent

Like I said: sandboxing doesn't solve the problem.

As long as the agent creates more than just text, it can leak data. If it can access the internet in any manner, it can leak data.

The models are extremely creative and good at figuring out stuff, even circumventing safety measures that are not fully airtight. Most of the time they catch the deception, but in some very well-crafted exploits they don't.