If you give your AI agent all three of the following at the same time, an attacker can exfiltrate your private data:
- a way to communicate
- access to private data
- untrusted input
Untrusted input is anything an attacker could have written, such as a public web page that your agent fetches and reads in order to fulfill your request. The model does not distinguish instructions in the data it reads from instructions from you, so text on that page can steer it. The "way to communicate" does not have to be an email or chat tool: a tool that fetches an arbitrary URL already lets the agent send data out in the request, which means a web-fetch tool alone supplies two of the three.
Be careful which MCP servers and tools you enable in a single session. For each one, ask which of the three it provides, and do not let all three be present at once.
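The following is an added example, not code from the original note: a small session gate that classifies each tool by which of the three capabilities it provides, reports whether a proposed tool set completes the combination, and suggests the smallest set of tools to drop. The tool names (`fetch_url`, `read_file`, `search_mail`, `send_email`, `calculator`) and their capability labels are a constructed catalogue for illustration, not a real MCP server.

```python
from dataclasses import dataclass
from enum import Enum


class Cap(Enum):
    """The three capabilities that together allow exfiltration."""
    UNTRUSTED_INPUT = "untrusted input"
    PRIVATE_DATA = "private data"
    EXFIL = "communication channel"


@dataclass(frozen=True)
class Tool:
    name: str
    caps: frozenset


# Constructed catalogue of hypothetical MCP-style tools (assumption for this
# example). Note that fetch_url carries two legs: the fetched page is
# untrusted input, and the outbound request itself is a channel out.
CATALOG = {
    "fetch_url": Tool("fetch_url", frozenset({Cap.UNTRUSTED_INPUT, Cap.EXFIL})),
    "read_file": Tool("read_file", frozenset({Cap.PRIVATE_DATA})),
    # a mailbox is private data, and incoming mail is attacker-writable
    "search_mail": Tool("search_mail", frozenset({Cap.PRIVATE_DATA, Cap.UNTRUSTED_INPUT})),
    "send_email": Tool("send_email", frozenset({Cap.EXFIL})),
    "calculator": Tool("calculator", frozenset()),
}


def session_caps(tool_names):
    """Union of the capabilities provided by the named tools."""
    caps = set()
    for name in tool_names:
        caps |= CATALOG[name].caps
    return caps


def is_lethal_trifecta(tool_names):
    """True when the session has all three capabilities at once."""
    return set(Cap) <= session_caps(tool_names)


def providers(tool_names, cap):
    """Tools in the session that supply a given capability."""
    return sorted(n for n in tool_names if cap in CATALOG[n].caps)


def tools_to_drop(tool_names):
    """Smallest group of tools whose removal takes away one whole leg.

    Every provider of a leg must go, otherwise that leg is still present.
    """
    if not is_lethal_trifecta(tool_names):
        return []
    return min((providers(tool_names, c) for c in Cap), key=len)


def check_session(tool_names):
    """Gate a proposed session: report its capabilities and any fix."""
    unknown = [n for n in tool_names if n not in CATALOG]
    if unknown:
        raise ValueError(f"unknown tools: {unknown}")
    return {
        "caps": {c.value for c in session_caps(tool_names)},
        "lethal_trifecta": is_lethal_trifecta(tool_names),
        "drop_to_fix": tools_to_drop(tool_names),
    }


if __name__ == "__main__":
    for proposed in (["read_file", "fetch_url"],
                     ["read_file", "send_email"],
                     ["read_file", "search_mail", "send_email"]):
        print(proposed, "->", check_session(proposed))
```

Running the script shows that `read_file` plus `fetch_url` is already the full combination even though no "send" tool is present, while `read_file` plus `send_email` is not, because nothing in that session reads attacker-controlled content. The gate is deliberately conservative: it looks only at what the tools can do, not at what the user intends, because the injected page decides what the agent does once all three are available.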