Delegated decisions, amplified risks: Charting a secure future for agentic AI
Meredith Whittaker · October 21, 2025 · 19 min
The Rise of Agentic AI and Its "Dark Side"
- Meredith Whittaker of Signal raises concerns about the "dark side" of AI, in particular the emerging trend of agentic AI.
- Agentic AI systems are marketed as powerful intermediaries that perform complex tasks on users' behalf, such as booking reservations and coordinating with contacts.
Pervasive Access and Privacy Risks
- To function, agentic AI requires deep, pervasive access to sensitive personal data, including calendars, credit cards, browsers, and messaging apps.
- This level of access, often described as "root level access," blurs the boundary between the operating system and the application layer, undermining established security models.
- Signal, as an application-layer service, deliberately avoids root access in order to guarantee robust privacy and security for confidential communications.
Critical Harms and Vulnerabilities
- Granting extensive access to agents creates vectors for data exfiltration and poses competitive risks by exposing proprietary application data.
- There are significant geopolitical risks if government systems deploy agents that rely on external APIs, potentially creating data "honeypots."
- Agentic systems, often built from statistical models and insecure software libraries, introduce numerous security vulnerabilities and attack surfaces.
- A major threat is prompt injection, in which malicious instructions manipulate an agent into acting in harmful ways; these systems are "dumb statistical systems" rather than truly cognitive ones.
Addressing Implementation Concerns
- The core issue is one of implementation: not a rejection of agentic AI as a concept, but of how it is currently being built and marketed.
- The current push for agentic AI is seen as a marketing play to find product-market fit for expensive large-scale AI systems.
Safeguards for a Secure Future
- Industry and governments must implement developer-level opt-outs that prevent agents from accessing sensitive applications such as Signal.
- Promoting open implementations and rigorous security engineering is crucial, so that security researchers can audit and formally verify system components.
- Establishing pure procurement standards will raise the bar for the entire industry, ensuring that AI systems integrated into critical infrastructure meet high security and privacy requirements.
- Citizens should actively question the permissions and data sources of agentic systems, rather than accepting the "mystical patina" of AI hype.