←back to thread

Hidden risk in Notion 3.0 AI agents: Web search tool abuse for data exfiltration

(www.codeintegrity.ai)
156 points abirag | 1 comments | 19 Sep 25 21:49 UTC | HN request time: 0.207s | source
Show context
furyofantares ◴[20 Sep 25 03:41 UTC] No.45310124[source]
> The "lethal trifecta," as described by Simon Willison, is the combination of LLM agents, tool access, and long-term memory that together enable powerful but easily exploitable attack vectors.

This is a terrible description of the lethal trifecta, it lists 3 things but they are not the trifecta. The trifecta happens to be contained in the things listed in this (and other) examples but it's stated as if the trifecta is listed here, when it is not.

The trifecta is: access to your private data, exposure to untrusted content, and the ability to externally communicate. Web search as tool for an LLM agent is both exposure to untrusted content and the ability to externally communicate.

replies(3): >>45310342 #>>45310512 #>>45310722 #
swyx ◴[20 Sep 25 04:23 UTC] No.45310342[source]
yeah TFA gets it wrong. source: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
replies(1): >>45310351 #
1. gnabgib ◴[20 Sep 25 04:25 UTC] No.45310351[source]
This post started there https://news.ycombinator.com/item?id=45307452 .. yes a different link, but this was originally linked to a simonw tweet, and he linked elsewhere.