There's been a lot of hype around solutions like default denial proxies, key vaults, and more, but nothing seems to address the core tension: an agent can be tricked into doing an attacker's bidding.
The best thing I could think of was to just run an observer loop and monitor everything the agent does with another LLM, but I'm curious if anyone has an elegant solution.
0 comments