Working with AI agents and Large Language Models introduces new security dimensions where text becomes vulnerable and can have executable intent. The three critical pillars that make agents vulnerable are: (1) access to privileged information or private data, (2) exposure to untrusted content from the outside world, and (3) the ability to communicate externally. Most agents by default possess all three of these capabilities simultaneously, creating a significant security risk.
The New Security Rules for Agentic Coding
Your AI coding agent has access to your secrets, pulls in content from the outside world, and can run shell commands. According to Joe Holdcroft, that combination makes you one prompt injection away from a very bad time. The tools haven't changed the fundamentals of security — they've just made every existing risk move faster, and introduced a few genuinely new ones.

**In this episode**

- Why the "lethal trifecta" of agent capabilities creates a novel threat surface
- How text and markdown files have become a new class of vulnerability
- Slop squatting: the attack vector created by agents hallucinating package names
- The context supply chain — and why it mirrors the early days of npm security
- What a "CBOM" (context bill of materials) might look like and why we may need one
- How to think about agent trust using the contractor mental model
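The "lethal trifecta" above is a property of an agent's tool set, so it can be checked mechanically before the agent is allowed to run. The following is an added example written for this page, not code from the episode, its hosts or any product: it classifies each tool by which of the three capabilities it grants (private data, untrusted input, external egress), reports whether all three coexist, and proposes the cheapest leg to cut, preferring to remove egress because that is what turns a prompt injection into exfiltration. The tool names, the capability labels and the sample manifest are assumptions constructed for illustration.

```python
"""Lethal-trifecta policy check for an agent tool manifest (illustrative example)."""
from dataclasses import dataclass
from enum import Enum


class Capability(Enum):
    PRIVATE_DATA = "private_data"        # reads secrets, env vars, private files
    UNTRUSTED_INPUT = "untrusted_input"  # ingests content the operator does not control
    EXTERNAL_EGRESS = "external_egress"  # can move bytes outside the sandbox


# All three together are the trifecta the episode warns about.
TRIFECTA = frozenset(Capability)

# When two legs are equally cheap to cut, cut egress first: it is the leg that
# lets an injected instruction actually leak the private data.
BREAK_PREFERENCE = [Capability.EXTERNAL_EGRESS, Capability.UNTRUSTED_INPUT, Capability.PRIVATE_DATA]


@dataclass(frozen=True)
class Tool:
    name: str
    capabilities: frozenset  # set of Capability values this tool grants


def union_capabilities(tools):
    """Every capability the agent has across all of its tools."""
    caps = set()
    for tool in tools:
        caps |= tool.capabilities
    return frozenset(caps)


def has_lethal_trifecta(tools):
    """True when the agent simultaneously holds all three capabilities."""
    return TRIFECTA <= union_capabilities(tools)


def tools_granting(tools, capability):
    """Names of the tools that contribute a given capability, in manifest order."""
    return [t.name for t in tools if capability in t.capabilities]


def cheapest_break(tools):
    """Pick the leg whose removal disables the fewest tools (ties broken by BREAK_PREFERENCE).
    Returns (capability, [tool names to drop]) or None when no trifecta exists."""
    if not has_lethal_trifecta(tools):
        return None
    candidates = [(cap, tools_granting(tools, cap)) for cap in Capability]
    return min(candidates, key=lambda c: (len(c[1]), BREAK_PREFERENCE.index(c[0])))


def audit(tools):
    """One report dict suitable for logging or for gating an agent launch."""
    return {
        "trifecta": has_lethal_trifecta(tools),
        "by_capability": {cap.value: tools_granting(tools, cap) for cap in Capability},
        "cheapest_break": cheapest_break(tools),
    }


# Constructed manifest for a hypothetical coding agent (not any real product's config).
SAMPLE_TOOLS = [
    Tool("read_env", frozenset({Capability.PRIVATE_DATA})),
    # A cloned repo can contain attacker-authored markdown, so reading it is untrusted input too.
    Tool("read_repo_files", frozenset({Capability.PRIVATE_DATA, Capability.UNTRUSTED_INPUT})),
    # The response is untrusted, and the URL itself can carry data out.
    Tool("fetch_url", frozenset({Capability.UNTRUSTED_INPUT, Capability.EXTERNAL_EGRESS})),
    Tool("run_shell", frozenset({Capability.PRIVATE_DATA, Capability.EXTERNAL_EGRESS})),
]

if __name__ == "__main__":
    report = audit(SAMPLE_TOOLS)
    print("trifecta present:", report["trifecta"])
    for cap, names in report["by_capability"].items():
        print(f"  {cap}: {names}")
    if report["cheapest_break"]:
        cap, names = report["cheapest_break"]
        print(f"cheapest break: remove {cap.value} by dropping {names}")
```

In the sample manifest the check reports a trifecta and recommends dropping `fetch_url` and `run_shell` (the egress leg) rather than the two tools that provide untrusted input, which a coding agent can rarely do without. Running the audit at launch and refusing to start when `trifecta` is true is the simplest way to turn the episode's mental model into an enforced invariant.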
Working with agents and LLMs introduces some new dimensions on security that we wouldn't normally think about. Text becomes something that can be vulnerable, can have some executable intent. A couple years ago, you would never worry about the security of a markdown document, a combination of some access to privileged information or some private data, some exposure to some untrusted content maybe from the outside world, and the ability to communicate externally. Most agents by default are going to have all of these three things and that is where you're one prompt injection away from, let's say, a bad time.
>> The AI native dev is a podcast for developers and engineering leads at the cutting edge of AI and agentic coding.
Join your hosts Guy Podjarny and me, Simon Maple, every week as we chat with the most exciting voices in AI and tackle the biggest questions facing developers today.
This is the AI native dev.