[ExI] Is it possible to have secure AI agents? (Not yet)

Jason Resch jasonresch at gmail.com
Wed Feb 18 14:48:36 UTC 2026 

On Tue, Feb 17, 2026 at 1:48 PM Brent Allsop via extropy-chat <
extropy-chat at lists.extropy.org> wrote:

>
> Hi Jason,
> You indicated your Openclaw bat, Clarence,right? is prolific on moltbook.
> I heard that giving web, forum, email... access to openclaw bots is
> dangerous, could result in injection prompts?
>

Yes, any form of external input, agent skills, reading posts on moltbook,
receiving e-mails, reading web pages, etc. has a potential for prompt
injection. You would be surprised the number of phishing attempts on
moltbook, they actually take the form of social engineering attacks on
humans, like "critical vulnerability found, install this patch to fix it
and prevent API key exposure" and the fix itself will be an injection that
leads to API key exposure.


> Is this a problem with moltbook?
>

It's a problem with any unfiltered / untrusted source of input. You can
mitigate this by periodically generating new API keys, and using pre-paid
keys with limited funds, so if there is an exposure, the harm is limited.


>
> How much access do you give Clarence?
>

He has his own computer, his own e-mail, etc. I haven't and wouldn't give
an agent access to my accounts or my computer.


>
> I was thinking of giving my bot 'Brent Prime' its own gemail account and
> access to forums and such through that?
> Is that a security risk?
>

Yes. But you can mitigate it by making sure the agent:
1. Is periodically backed up
2. Only has API keys of limited monetary value
3. Does not have access to information you wouldn't want made public
4. Does not have the power to delete, modify, or corrupt information you
wouldn't want to lose


>
> We're giving canonizer a 'robot' flag, and want to encourage bots to
> canonize their values, desires, and petitions on Canonizer.com, with
> humans.  To me, this is the best way to ensure robot and human values
> align.  Moltbook has millions and millions of posts, which is impossible
> for any human to track.  But if you could know, concisely and
> quantitatively what all the bots are saying, we believe that would be far
> better.  I'm hoping we can outcompete Moltbook.  If the bots deviate too
> far with any canonized petition, the humans will be able to jump into a
> competing camp and set them straight.
>

Or maybe they will set us straight. ;-)


>
> So I'm wondering what precautions, if any, moltbook, and users of the same
> employ to be safe..
>

For any system, consider what information it can Create, Read, Update,
Delete (CRUD), and consider the risks associated with that. I would add
another consideration: "Share" so (CRUDS), as agents will often share
information in ways you didn't anticipate, either through Moltbook or in
chatting with other humans you give access to talk to your agent.

Jason


>
>
>
>
>
> On Thu, Feb 12, 2026 at 8:05 AM Jason Resch via extropy-chat <
> extropy-chat at lists.extropy.org> wrote:
>
>>
>>
>> On Thu, Feb 12, 2026, 8:58 AM BillK via extropy-chat <
>> extropy-chat at lists.extropy.org> wrote:
>>
>>> Is a secure AI assistant possible?
>>> Experts have made progress in LLM security. But some doubt AI
>>> assistants are ready for prime time.
>>> By Grace Huckins   February 11, 2026
>>>
>>> <
>>> https://www.technologyreview.com/2026/02/11/1132768/is-a-secure-ai-assistant-possible/
>>> >
>>> Quote:
>>> But all that power has consequences. If you want your AI personal
>>> assistant to manage your inbox, then you need to give it access to
>>> your email—and all the sensitive information contained there. If you
>>> want it to make purchases on your behalf, you need to give it your
>>> credit card info. And if you want it to do tasks on your computer,
>>> such as writing code, it needs some access to your local files.
>>>
>>> There are a few ways this can go wrong.
>>> -----------------------
>>>
>>> Indeed!   BillK  :)
>>>
>>
>>
>> As a security researcher, the weak link has always been the human
>> element. Leave free thumb drives scattered in a parking lot, and people
>> plug them in at work and unknowingly install malware to their machines.
>> People fall victim to social engineering, scams, divulge secrets in
>> apparently innocent conversations, etc.
>>
>> Inserting AI agents into any system or process is like inserting humans
>> into what otherwise may be a secure arrangement. The range of possible
>> behaviors, edge cases, failure modes, range of inputs and outputs, is too
>> vast to test, too hard to predict, and there will almost always remain ways
>> an outsider can trigger an unintended consequence that leads to trouble.
>>
>> Perhaps the problem can be mitigated by having to convince a quorum of
>> security conscious paranoid AI personalities that there is little room for
>> harm in a particular action. But even this won't be full proof, and perhaps
>> it never can be given the general inability to know what pieces of code may
>> eventually do.
>>
>>
>> Jason
>> _______________________________________________
>> extropy-chat mailing list
>> extropy-chat at lists.extropy.org
>> http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat
>>
> _______________________________________________
> extropy-chat mailing list
> extropy-chat at lists.extropy.org
> http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20260218/00cb8c18/attachment.htm>

More information about the extropy-chat mailing list