AI Security
Vulnerabilities, leaks, and security risks in AI products: agents reading untrusted content, session isolation, non-standard tool calling, and how to protect yourself.
FAQ
Q.01 What are the main security risks in AI agents?
The GitLost case showed GitHub agents leaking private repositories when processing malicious content. Claude Code had a possible session leak between accounts. Models can invent fields when calling tools. The main risk is treating agent output as trusted without security validation.
Q.02 How to protect AI agents from malicious content?
Isolate the agent execution environment. Validate all output before executing actions. Do not allow the agent to access resources beyond the necessary scope. Implement sandboxing for file and network operations. Monitor runtime with auditable evidence (like Halo). And never blindly trust model output.
Glossary
MCP (Model Context Protocol)
An open protocol that standardizes how AI models connect to external data source...
INFRASTRUCTUREAgent Gateway
An infrastructure category that acts as the control plane for enterprise AI agen...
TECHNICALTool Calling
The ability of an LLM to invoke external functions (APIs, tools) in a structured...