{"data":{"id":"b7ccfdcf-4d16-44cb-872f-a8ed78888452","title":"5 runtime signals for catching a compromised AI agent","summary":"AI agents (software systems that can read data, process external content, and take actions) now commonly have all three dangerous capabilities together, making them vulnerable to prompt injection (tricky instructions hidden in data that trick the AI into doing harmful things). Security experts like Meta recommend the 'Rule of Two,' which limits agents to only two of these three capabilities per session and requires human approval if all three are needed, but this framework has limitations and doesn't fully solve the problem.","solution":"Meta's security team published the 'Rule of Two' framework, which recommends agents satisfy no more than two of the three trifecta properties (access to private data, exposure to untrusted content, ability to communicate externally) in a single session, with human-in-the-loop approval required if all three are necessary. Simon Willison endorsed this framework as 'the best practical advice for building secure LLM-powered agent systems today.'","labels":["security","safety"],"sourceUrl":"https://www.csoonline.com/article/4184681/5-runtime-signals-for-catching-a-compromised-ai-agent.html","publishedAt":"2026-06-15T09:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":["prompt_injection","rag_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI","Google","Microsoft","Amazon","LangChain"],"affectedVendorsRaw":["Microsoft 365 Copilot","GitHub","GitLab Duo","Slack AI","Google Bard","Amazon Q","Meta","Sophos"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-15T09:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.9,"researchCategory":null,"atlasIds":null}}