
169 points abirag | 1 comments
furyofantares No.45310124
> The "lethal trifecta," as described by Simon Willison, is the combination of LLM agents, tool access, and long-term memory that together enable powerful but easily exploitable attack vectors.

This is a terrible description of the lethal trifecta; it lists 3 things, but they are not the trifecta. The trifecta happens to be contained in the things listed in this (and other) examples, but it's stated as if the trifecta is listed here, when it is not.

The trifecta is: access to your private data, exposure to untrusted content, and the ability to externally communicate. Web search as a tool for an LLM agent is both exposure to untrusted content and the ability to externally communicate.

replies(3): >>45310342 >>45310512 >>45310722
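The comment above defines the three legs and points out that a single tool (web search) can supply two of them. As an added example, not from the thread or from Simon Willison's writing, here is a small capability audit that tags each tool with the legs it supplies and flags an agent whose combined tool set covers all three; the tool names and their tags are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Set

# The three legs of the "lethal trifecta" as stated in the comment above.
PRIVATE_DATA = "private_data"            # access to your private data
UNTRUSTED_CONTENT = "untrusted_content"  # exposure to attacker-writable content
EXTERNAL_COMMS = "external_comms"        # ability to send data out (exfil path)
TRIFECTA: FrozenSet[str] = frozenset({PRIVATE_DATA, UNTRUSTED_CONTENT, EXTERNAL_COMMS})

@dataclass(frozen=True)
class Tool:
    """A tool exposed to an agent, tagged with the trifecta legs it supplies."""
    name: str
    legs: FrozenSet[str]

def combined_legs(tools: Iterable[Tool]) -> Set[str]:
    """Union of the legs supplied by every tool the agent can call."""
    legs: Set[str] = set()
    for tool in tools:
        legs |= tool.legs
    return legs

def missing_legs(tools: Iterable[Tool]) -> Set[str]:
    """Legs still absent; an empty set means all three are present."""
    return set(TRIFECTA - combined_legs(tools))

def trifecta_present(tools: Iterable[Tool]) -> bool:
    return not missing_legs(tools)

def audit(tools: Iterable[Tool]) -> str:
    """One-line verdict, e.g. for a CI check over an agent's tool manifest."""
    tools = list(tools)
    if trifecta_present(tools):
        return "LETHAL TRIFECTA: " + ", ".join(t.name for t in tools)
    return "missing legs: " + ", ".join(sorted(missing_legs(tools)))

# Constructed sample manifest (hypothetical tool names). A single tool can
# supply two legs: web search both reads attacker-controlled pages (untrusted
# content) and sends the query string out (external comms).
WEB_SEARCH = Tool("web_search", frozenset({UNTRUSTED_CONTENT, EXTERNAL_COMMS}))
READ_DOCS = Tool("read_user_docs", frozenset({PRIVATE_DATA}))
CALCULATOR = Tool("calculator", frozenset())

if __name__ == "__main__":
    print(audit([WEB_SEARCH, CALCULATOR]))  # missing legs: private_data
    print(audit([WEB_SEARCH, READ_DOCS]))   # LETHAL TRIFECTA: web_search, read_user_docs
```

The check is over-approximate by design: it reports that the exfiltration path exists, not that any particular prompt injection will succeed, which is exactly the property a reviewer wants to spot before the agent ships.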
empiko No.45310512
In my opinion, the trifecta can be reduced further to a simple statement: an attacker who can input into your LLM can control all its resources.
replies(1): >>45312770
furyofantares No.45312770
It can, but it doesn't really help someone spot the danger.