The lethal trifecta for AI agents: private data, untrusted content, and external communication

simonwillison.net · · Covered in 20 articles from 18 sources

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

thehackernews.com··DEV

The Real Risk Isn't Rogue AI. It's Plausible AI.

grith.ai··Hacker News

Claude in your browser is a security risk, and this year proved it

xda-developers.com·

AI Agents Are Becoming Enterprise Workers. Who Secures Them?

blog.checkpoint.com·

Apple’s Siri-AI, or more shouting into the void about “private” agents

Apple’s Siri-AI, or more shouting into the void about “private” agents

blog.cryptographyengineering.com··Hacker News, Hacker News, r/netsec

Inside the new Siri AI and the privacy paradox of Apple Intelligence

scientificamerican.com

Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets

varonis.com··Hacker News

Securing the AI era: Outpace AI-powered attacks with unified security and observability

datadoghq.com·

Infosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher Warns

infosecurity-magazine.com·

98% of Agents Carry the Lethal Trifecta. Last Week Showed Why.

Running Python code in a sandbox with MicroPython and WASM

simonw.substack.com··Substack

How we moved prompt injection protections from the agent into the MCP server

infobip.com··r/mcp

AI Risk Is an Architecture Problem (20 minute read)

appliedingenuity.substack.com··Substack

After months of prompt iteration, I admitted some rules can't be prompt-engineered into stability.

github.com··r/PromptEngineering, r/SideProject

klimentij/klimkit: Agentic engineering across machines, under control.

github.com··Hacker News

#013: My Hermes & Obsidian Setup and Use Cases

metedata.substack.com··Substack, r/ObsidianMD

The Importance of Being Idempotent

campedersen.com··Hacker News

Coding Agent Horror Stories: The Security Crisis Threatening Developer Infrastructure

The OpenClaw Warning