Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Or give them access to appropriately permissioned tools and not superuser/admin/service accounts that can access everything


It's often missed that tools that only read information are perfect for data exfiltration (no need for any more permissions).

So if you add a Jira tool and a web browser tool together (unauthenticated GET only), then the AI can send all your Jira data to the Internet.

Even big players get this design wrong quite often.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: