9 comments

[ 2.4 ms ] story [ 29.8 ms ] thread
(comment deleted)
This is a really important area to tackle. secret management for AI agents is something most teams are ignoring right now.

One adjacent risk worth noting: the URLs these agents visit during research. Even with proper secret management, if an agent browses a poisoned page during research, the injected instructions could override its behavior before secrets ever come into play.

If i read this correctly its completely absurd. secrets can never even touch an agents sandbox, not as file not as env var not as anything. Agents can only be allowed to reach services via proxies that handle secrets and do permissions and auditing completely transparently and agents do not even get secrets to access these but authenticate as their identity eg with client certificates. I am not aware of any other method that could work. The proxies obviously also cannot be reachable outside the direct connection, so if agents exfiltrate their identity and proxy setup somehow the usefulness outside is zero.