shich 7 hours ago

the trust problem cuts both ways though — users don't trust agents, but the bigger issue is agents trusting each other. once you have multi-agent pipelines, you're one rogue upstream output away from a cascade. sandboxing individual agents is table stakes; what's actually hard is defining trust boundaries between them
medi8r 5 hours ago (parent)

Also, agents cannot trust any data whatsoever they add to their context. This puts reading email, for example, at risk. Probably not impossible to create a worm that convinces a claw to forward it to every email address in that inbox. And then exfiltrate all the emails. Then do a bunch of password resets. Then get root access to your claw. But not just email. GitHub issues, Wikipedia, HN etc. may be poisoned. See https://simonw.substack.com/p/the-lethal-trifecta-for-ai-age... but there may be more trifectas than that in a claw-driven future.