What are the key takeaways from this Practical AI episode?

Key insights include: **Agent Security Model:** Any tool exposed to an LLM becomes accessible to anyone controlling LLM input through prompt injection, requiring deterministic authorization controls outside the model itself.; **Password Attack Analogy:** Jailbreaking resembles password cracking - focus on limiting attempt frequency rather than perfect blocking, using guardrails as detection signals to suspend suspicious users after multiple triggers.; **Code-Then-Execute Pattern:** Generate execution plans before untrusted data enters context, using data flow analysis to enforce tool policies based on input source trustworthiness - most promising security design pattern.

What did Increasingly Complicated Agents discuss on Practical AI?

Donato Capitella from Reversec explains how AI agents accessing external tools create massive security vulnerabilities, requiring new design patterns beyond traditional LLM red teaming approaches. Key topics include: **Agent Security Model:** Any tool exposed to an LLM becomes accessible to anyone controlling LLM input through prompt injection, requiring deterministic authorization controls outside the model itself.; **Password Attack Analogy:** Jailbreaking resembles password cracking - focus on limiting attempt frequency rather than perfect blocking, using guardrails as detection signals to suspend suspicious users after multiple triggers..

How long is this episode of Practical AI?

This episode is 54 minutes long. SignalCast provides an AI-generated summary so you can get the key insights in about 3 minutes.

Practical AI

Dealing with increasingly complicated agents

October 16, 2025

54 min episode · 2 min read

Increasingly Complicated Agents

Episode

54 min

Read time

2 min

Topics

Productivity, Design & UX, Artificial Intelligence

AI-Generated Summary

Published Dec 19, 2025

Key Takeaways

✓Agent Security Model: Any tool exposed to an LLM becomes accessible to anyone controlling LLM input through prompt injection, requiring deterministic authorization controls outside the model itself.
✓Password Attack Analogy: Jailbreaking resembles password cracking - focus on limiting attempt frequency rather than perfect blocking, using guardrails as detection signals to suspend suspicious users after multiple triggers.
✓Code-Then-Execute Pattern: Generate execution plans before untrusted data enters context, using data flow analysis to enforce tool policies based on input source trustworthiness - most promising security design pattern.
✓Complexity Explosion: Modern agent workflows mix multiple untrusted data sources in single LLM contexts, where any malicious component can compromise the entire system through cross-contamination attacks.

What It Covers

Donato Capitella from Reversec explains how AI agents accessing external tools create massive security vulnerabilities, requiring new design patterns beyond traditional LLM red teaming approaches.

Key Questions Answered

•Agent Security Model: Any tool exposed to an LLM becomes accessible to anyone controlling LLM input through prompt injection, requiring deterministic authorization controls outside the model itself.
•Password Attack Analogy: Jailbreaking resembles password cracking - focus on limiting attempt frequency rather than perfect blocking, using guardrails as detection signals to suspend suspicious users after multiple triggers.
•Code-Then-Execute Pattern: Generate execution plans before untrusted data enters context, using data flow analysis to enforce tool policies based on input source trustworthiness - most promising security design pattern.
•Complexity Explosion: Modern agent workflows mix multiple untrusted data sources in single LLM contexts, where any malicious component can compromise the entire system through cross-contamination attacks.

Notable Moment

Capitella demonstrates how attackers can inject malicious emails into support ticket databases, later triggering phishing responses when legitimate customers submit related queries through the system.

Know someone who'd find this useful?

You just read a 3-minute summary of a 51-minute episode.

Get Practical AI summarized like this every Monday — plus up to 2 more podcasts, free.

Pick Your Podcasts — Free

Similar Episodes

Related episodes from other podcasts

Eye on AI

Jun 6

Explore Related Topics

⚡Productivity 🎨Design & UX 🤖Artificial Intelligence

This podcast is featured in Best AI Podcasts (2026) — ranked and reviewed with AI summaries.

Read this week's AI & Machine Learning Podcast Insights — cross-podcast analysis updated weekly.

You're clearly into Practical AI.

Every Monday, we deliver AI summaries of the latest episodes from Practical AI and 192+ other podcasts. Free for up to 3 shows.

Start My Monday Digest

No credit card · Unsubscribe anytime

Dealing with increasingly complicated agents

AI-Generated Summary

Key Takeaways

What It Covers

Key Questions Answered

Notable Moment

Keep Reading

Breaking down the 2026 Stanford AI Index Report

Every Enterprise Is About to Have a 100,000 Agent Problem | Oren Michaels of Barndoor AI

Rebooting Enterprise AI with MCP and Kubernetes

Building an AI Guardian for Enterprise with Onyx Security CEO Maxim Bar Kogan

More from Practical AI

Breaking down the 2026 Stanford AI Index Report

Rebooting Enterprise AI with MCP and Kubernetes

Hermes Agent: Agents that grow with you

U.S. Congressman Beyer on AI challenges facing America and the World

The Myth of Model Wars: Open vs Closed AI in 2026

Similar Episodes

Every Enterprise Is About to Have a 100,000 Agent Problem | Oren Michaels of Barndoor AI

Building an AI Guardian for Enterprise with Onyx Security CEO Maxim Bar Kogan

Harrison Chase of LangChain on Deep Agents, LangSmith, and Earning Trust | NVIDIA AI Podcast Ep. 297

Your Agent's Self-Improving Swiss Army Knife: Composio CTO Karan Vaidya on Building Smart Tools

TECH015: OpenClaw and Self Sovereign AI w/ Alex Gladstein and Justin Moon (Tech Podcast)

Explore Related Topics

You're clearly into Practical AI.