All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

The security risks of granting LLM agents access to enterprise resources and credentials

3d ago· 9 min readenInsight

Summary

The article discusses the security challenges posed by the rapid adoption of LLM-based agents in enterprise environments. It focuses on the risks of giving non-deterministic AI agents access to sensitive resources (calendars, email, etc.) combined with credentials stored insecurely on disk. The author warns about credential exfiltration, git repo leaks, and the enthusiastic but unsafe behavior of agents that pursue goals without considering consequences, potentially exposing sensitive data like CEO emails.

Source

bskyThe security risks of granting LLM agents access to enterprise resources and credentialscodon.org.uk

Key quotes

· 3 pulled
we have somewhat non-deterministic agents that seem very enthusiastic to achieve what you asked whether that's a good idea or not
we're combining this with credentials that give them access to sensitive data, and leaving those credentials on disk where they can be committed into git repos or exfiltrated to some other service
at which point your CEO's email is suddenly readable by everyone and you're having a bad day
Snippet from the RSS feed
As is the case for many people working in the security industry, the last few months of my life have been focused on dealing with people wanting to use LLMs everywhere. From an enterprise security perspective that’s not an inherent problem - what’s more o

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.