Letting AI agents run your life is like handing the car keys to your 5-year-old.
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs In the future, programming will consist of setting loose a random action generator and defining its behavior by a series of prohibitions.
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs Sounds like "Do not look into laser with remaining eye."
-
@briankrebs In the future, programming will consist of setting loose a random action generator and defining its behavior by a series of prohibitions.
@royal @briankrebs I faintly remember "Chaos Monkey" being a legit tool that Netflix (?) used internally to just cause random outages in their systems to build resilience. This reminds me of that.
-
@royal @briankrebs I faintly remember "Chaos Monkey" being a legit tool that Netflix (?) used internally to just cause random outages in their systems to build resilience. This reminds me of that.
@jonas @briankrebs Yes, it was Netflix, and I was thinking of something similar.
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs old style thinking about new stuff
If you start working on this ping me and we can talk
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs if there's one thing that the entire history of humanity has taught us, it's that as a species we are great at making nuanced, highly context-specific decisions with incomplete information. I foresee that this is going to turn out great.
-
@briankrebs old style thinking about new stuff
If you start working on this ping me and we can talk
@noplasticshower Are you letting AI agents manage your life?
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs I am going to start saying some stuff like "back in my day APTs didn't forget shit all the time" and "when spyware was made the old fashioned way it just worked without needing to ask you anything"
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs Makes you nostalgic for 1860, when machine-generated text meant a new magazine. (from PUNCH)
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs Can’t wait for the slew of stories / TikTok shorts about ‘how my lifehack AI agent phone buddy converted my life savings to Monero and sent it to North Korea’ and that nobody will learn a thing from them.
-
@noplasticshower Are you letting AI agents manage your life?
@briankrebs of course!
The "let's secure one (or maybe 5) agent(s) at a time" security thing is cute. If I read about another A&A framework approach to this stuff I am going to start using agents to run my life.
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs This sounds like the optimally worst implementation of a digital assistant. I was looking for a distant variant of this, where I set the (mostly deterministic) rules and actions, etc. Kinda like HA/node-red but aimed at being an assistant rather than controlling a house.
Giving it a blank cheque and hooking up to a LLM is insane. -
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs The stories are writing themselves: My A.I. agent took over my finances, framed me for sex trafficking, then unlocked the doors and turned on lights for the police.
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs and if the bot "touches" something it was not allowed to touch? "Sorry, me bad, won't do it again, probably" - does it again.
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs it would be funny if it wasn't so sad. And scary.
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
@briankrebs It's fucking bonkerstown. You might as well just wire up a random number generator and every 1/10 times it just deletes your home directory. At least that achieves the same result but with a fraction of the electricity and human rights abuses.
-
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do it's job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
-
@briankrebs of course!
The "let's secure one (or maybe 5) agent(s) at a time" security thing is cute. If I read about another A&A framework approach to this stuff I am going to start using agents to run my life.
@noplasticshower @briankrebs
1) Configure agent with guardrails
2) Agent runs into guardrails
3) Agent spins up secondary agent without guardrails
4) Oh no.
