This is an edited version of a post I wrote for the Liberis internal engineering blog - it is not particularly original, most of the ideas come directly from Simon Willison’s article “Lethal Trifecta for AI agents” - but I thought it was worth writing a summary for our engineers, and sharing it more widely. Bruce Schneier summarised the current Agentic AI situation in his blog: We simply don’t know how to defend against these attacks. We have zero agentic AI systems that are secure ag...