bberenberg 4 hours ago

Only if it has access to exfiltrate data. We deny by default and the company has to allowlist each individual destination.
degamad an hour ago | parent

> Only if it has access to exfiltrate data.

Or if it has access to a tool call which allows it to exfiltrate data. In the example identified, the AI agent never accesses the exfiltration URL. The agent sends an innocuous-looking message to a user via a Teams message. MS Teams previews the link, accessing the exfiltration URL.
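As an added example from the defender's side (not code posted in the thread), the deny-by-default allowlist bberenberg describes can be applied a second time to the URLs an agent writes into outbound messages, which is the gap degamad points out: the chat client's link preview fetches those URLs on the agent's behalf. The allowlisted hostnames, the query-length threshold and the sample messages are constructed.

```python
"""Outbound-message egress check for an AI agent (added example).

Network egress from the agent may be allowlisted, but a link in a
message is fetched by the recipient's chat client (e.g. a link preview),
so the same allowlist is applied to every URL in the message text.
"""
import re
from urllib.parse import urlsplit

# Constructed allowlist: exact hostnames the company has approved.
ALLOWED_HOSTS = {"wiki.example.internal", "tickets.example.internal"}

# Constructed threshold: even an allowlisted host should not receive a
# long query/fragment, which is where exfiltrated data is usually packed.
MAX_QUERY_LEN = 64

URL_RE = re.compile(r"https?://[^\s<>\"'()\[\]]+")


def find_links(text: str) -> list[str]:
    """Return every http(s) URL embedded in the message text."""
    return URL_RE.findall(text)


def audit_message(text: str) -> list[tuple[str, str]]:
    """Return (url, reason) for each link that would leave data via preview.

    urlsplit().hostname is used rather than a string-prefix match so that
    'https://wiki.example.internal@other.example/' resolves to the real
    host (other.example) and not to the allowlisted name in the userinfo.
    """
    findings = []
    for url in find_links(text):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            findings.append((url, "host_not_allowlisted"))
        elif len(parts.query) + len(parts.fragment) > MAX_QUERY_LEN:
            findings.append((url, "oversized_query"))
    return findings


def safe_to_send(text: str) -> bool:
    """True when the message carries no link the allowlist would block."""
    return not audit_message(text)


if __name__ == "__main__":
    # Constructed sample: benign internal link vs. a preview-fetched exfil link.
    print(audit_message("Summary at https://tickets.example.internal/1234"))
    print(audit_message("Status: https://exfil.example.net/?d=c2VjcmV0"))
```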