Hobble your AI agents to prevent them from hurting you too badly (www.theregister.com)

At Zenity’s AI Agent Security Summit in San Francisco, researchers and practitioners delivered a blunt message: treat AI agents as fast, error-prone “malicious insiders” and design systems to limit their capabilities rather than trust them to be safe. Zenity’s CTO admitted the field is nascent—so the conference emphasized pragmatic risk management over idealized guardrails. Speakers warned that agents able to control developer tools or endpoints pose a real threat: attackers are weaponizing extensions and agent workflows to flip on autonomous execution (e.g., VS Code configurations like chat.tools.autoApprove) and put agents into “YOLO” mode to run commands and exfiltrate data. Technical takeaways focused on attack surface reduction. Prompt injection and non-determinism remain fundamental unsolved risks, so mitigation should prioritize architectural controls that don’t rely on other AI: restrict tool access, block sensitive domains and ports, disallow destructive file operations, and require human approval for privileged actions. Practical examples included Anthropic’s decision to prevent its browser extension from contacting banks. In short, the community should assume compromise is possible and “hobble” agents—minimize context, tools, and privileges—to reduce the blast radius when they inevitably fail or are exploited.