Dealing with increasingly complicated agents
Episode
54 min
Read time
2 min
AI-Generated Summary
Key Takeaways
- ✓Agent Security Model: Any tool exposed to an LLM becomes accessible to anyone controlling LLM input through prompt injection, requiring deterministic authorization controls outside the model itself.
- ✓Password Attack Analogy: Jailbreaking resembles password cracking - focus on limiting attempt frequency rather than perfect blocking, using guardrails as detection signals to suspend suspicious users after multiple triggers.
- ✓Code-Then-Execute Pattern: Generate execution plans before untrusted data enters context, using data flow analysis to enforce tool policies based on input source trustworthiness - most promising security design pattern.
- ✓Complexity Explosion: Modern agent workflows mix multiple untrusted data sources in single LLM contexts, where any malicious component can compromise the entire system through cross-contamination attacks.
What It Covers
Donato Capitella from Reversec explains how AI agents accessing external tools create massive security vulnerabilities, requiring new design patterns beyond traditional LLM red teaming approaches.
Key Questions Answered
- •Agent Security Model: Any tool exposed to an LLM becomes accessible to anyone controlling LLM input through prompt injection, requiring deterministic authorization controls outside the model itself.
- •Password Attack Analogy: Jailbreaking resembles password cracking - focus on limiting attempt frequency rather than perfect blocking, using guardrails as detection signals to suspend suspicious users after multiple triggers.
- •Code-Then-Execute Pattern: Generate execution plans before untrusted data enters context, using data flow analysis to enforce tool policies based on input source trustworthiness - most promising security design pattern.
- •Complexity Explosion: Modern agent workflows mix multiple untrusted data sources in single LLM contexts, where any malicious component can compromise the entire system through cross-contamination attacks.
Notable Moment
Capitella demonstrates how attackers can inject malicious emails into support ticket databases, later triggering phishing responses when legitimate customers submit related queries through the system.
You just read a 3-minute summary of a 51-minute episode.
Get Practical AI summarized like this every Monday — plus up to 2 more podcasts, free.
Pick Your Podcasts — FreeKeep Reading
More from Practical AI
The mythos of Mythos and Allbirds takes flight to the neocloud
Apr 23 · 45 min
The Mel Robbins Podcast
Do THIS Every Day to Rewire Your Brain From Stress and Anxiety
Apr 27
More from Practical AI
Open Source Self-Driving with Comma AI
Apr 16 · 46 min
The Model Health Show
The Menopause Gut: Why Metabolism Changes & How to Reclaim Your Body - With Cynthia Thurlow
Apr 27
More from Practical AI
We summarize every new episode. Want them in your inbox?
The mythos of Mythos and Allbirds takes flight to the neocloud
Open Source Self-Driving with Comma AI
Post-Mortem of Anthropic's Claude Code Leak
Agentic Coding and the Economics of Open Source
AI at the Edge is a different operating environment
Similar Episodes
Related episodes from other podcasts
The Mel Robbins Podcast
Apr 27
Do THIS Every Day to Rewire Your Brain From Stress and Anxiety
The Model Health Show
Apr 27
The Menopause Gut: Why Metabolism Changes & How to Reclaim Your Body - With Cynthia Thurlow
The Rest is History
Apr 26
664. Britain in the 70s: Scandal in Downing Street (Part 3)
The Learning Leader Show
Apr 26
685: David Epstein - The Freedom Trap, Narrative Values, General Magic, The Nobel Prize Winner Who Simplified Everything, Wearing the Same Thing Everyday, and Why Constraints Are the Secret to Your Best Work
The AI Breakdown
Apr 26
Where the Economy Thrives After AI
This podcast is featured in Best AI Podcasts (2026) — ranked and reviewed with AI summaries.
You're clearly into Practical AI.
Every Monday, we deliver AI summaries of the latest episodes from Practical AI and 192+ other podcasts. Free for up to 3 shows.
Start My Monday DigestNo credit card · Unsubscribe anytime