- Smarter agents are less likely to get duped.
- Though it is also true that an agent that doesn’t do its job well is bound to be bad at doing an evil job well…
- shared experiences / many eyeballs
- This tends to align with the design principle of meeting your users where they live, which often means Slack, for example.
- deadly triad
- Segregate agents by what they can read and write, classifying each capability as “sensitive internal data”, “untrusted external content”, or “exfiltration capabilities”; no single agent should hold all three at once.
- fourth: defense in depth: imagine stacking slices of Swiss cheese; every slice has holes, but stacking them reduces the probability that a threat passes through all of them.
- This might include sub-agents that summarize web fetches or sensitive data rather than passing them to the main agent verbatim.
- deterministic regex hooks (checks on tool calls that run outside the model and don’t depend on its judgement)
- etc.
- If a tool is too dangerous and too powerful, like bash for an agent, require user approval for each use.
- fifth: security through obscurity
- Historically, Windows had viruses and Macs didn’t, because there were so many more Windows machines than Macs. This is similar to what this principle means.
- sixth: reduce volume
- Don’t have too many agents running autonomously.
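As an added example (not code from the original post), here is a small Python policy layer that puts the “deadly triad” segregation, the summarizing sub-agent, the deterministic regex hook, and the per-use approval for bash together. The tool names, the tool-to-capability labels, and the risky-argument patterns are constructed for illustration; a real deployment would label its own tool catalogue the same way.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import Callable


class Cap(Enum):
    """The three capability classes of the deadly triad."""
    SENSITIVE_READ = "sensitive internal data"
    UNTRUSTED_READ = "untrusted external content"
    EXFIL = "exfiltration capability"


# Constructed tool catalogue (hypothetical tool names) labelled by capability class.
TOOL_CAPS: dict[str, set[Cap]] = {
    "read_customer_db": {Cap.SENSITIVE_READ},
    "fetch_url": {Cap.UNTRUSTED_READ},
    # Delegates to a sub-agent that returns a short summary, never the raw page.
    # Treating it as granting no raw untrusted read is a policy choice: the summary
    # can still carry injected text, which is why this is one slice, not the whole stack.
    "summarize_url": set(),
    "post_to_slack": {Cap.EXFIL},
    # A shell can read anything, fetch anything and send anything.
    "bash": {Cap.SENSITIVE_READ, Cap.UNTRUSTED_READ, Cap.EXFIL},
}

# Tools too powerful to run unattended: the user confirms every call.
ALWAYS_ASK = {"bash"}

# Deterministic regex hook: argument patterns that force a human decision for any tool.
# Constructed patterns; tune to your own environment.
RISKY_ARGS = re.compile(r"(\bcurl\b|\bwget\b|\brm\s+-rf\b|\bsudo\b|/etc/passwd|\.env\b)")


@dataclass
class Agent:
    name: str
    tools: set[str]

    def caps(self) -> set[Cap]:
        """Union of the capability classes granted by this agent's tools."""
        return set().union(*(TOOL_CAPS[t] for t in self.tools))


def has_deadly_triad(agent: Agent) -> bool:
    """True when a single agent holds all three classes at once."""
    return set(Cap) <= agent.caps()


def segregate(agents: list[Agent]) -> dict[str, list[str]]:
    """Report agents that violate the triad rule, with the classes they hold."""
    return {a.name: sorted(c.name for c in a.caps())
            for a in agents if has_deadly_triad(a)}


def pre_tool_use(agent: Agent, tool: str, args: str,
                 approve: Callable[[str, str], bool]) -> str:
    """Hook run before every tool call; no model in the loop.

    Returns 'deny' (tool not on the agent's allowlist), 'allow', or the
    user's verdict ('approved' / 'rejected') when the tool or its arguments
    require a human decision.
    """
    if tool not in agent.tools:
        return "deny"
    if tool in ALWAYS_ASK or RISKY_ARGS.search(args):
        return "approved" if approve(tool, args) else "rejected"
    return "allow"


if __name__ == "__main__":
    fleet = [
        Agent("research", {"fetch_url", "post_to_slack"}),
        Agent("analyst", {"read_customer_db", "summarize_url", "post_to_slack"}),
        Agent("ops", {"bash"}),
    ]
    print("triad violations:", segregate(fleet))
    # Stand-in for a real prompt to the user.
    ask_user = lambda tool, args: input(f"run {tool} {args!r}? [y/N] ").lower() == "y"
    print(pre_tool_use(fleet[2], "bash", "ls -la", ask_user))
```

The `approve` callback is injected so the same hook can prompt a human in production and be exercised without a terminal in tests; the regex check runs before the approval step so an injected argument cannot be waved through by the model’s own reasoning.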