Tag
This article highlights a critical security vulnerability in AI agents in which an agent's output is executed without an authority check ever being applied to it, and argues for an 'external admission' gate that must be passed before the agent is granted trusted context or secrets.
A technique that uses cloud-init to inject a temporary, pre-generated SSH host key into a new VM, so that the first SSH connection can be verified against a known key and is protected from man-in-the-middle attacks on any cloud provider. Includes a hardened open-source script implementation.
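The mechanics behind that summary, as an added example that is not the article's script: the client generates an ed25519 host key pair out of band, hands the pair to cloud-init through the `ssh_keys` entry of its user-data, and pins the public half in a dedicated known_hosts file before the first connection. Everything below is illustration code written for this page; the key material it carries is constructed placeholder text, not a real key, and the address, user name and file paths are assumed values.

```python
"""Seed a throwaway SSH host key through cloud-init and pin it on the client,
so the very first connection to a fresh VM is verified rather than trusted
on first use.

Illustration code written for this page, not the article's own script.
Key material below is constructed placeholder text, not a real key.
"""
import base64
import hashlib
import textwrap

# Constructed stand-ins for the output of:
#   ssh-keygen -t ed25519 -N '' -f throwaway-hostkey
# In real use read throwaway-hostkey and throwaway-hostkey.pub instead.
EXAMPLE_PRIV = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "AAAA\n"
    "-----END OPENSSH PRIVATE KEY-----\n"
)
EXAMPLE_PUB = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample throwaway-host-key"


def build_user_data(priv_pem: str, pub_line: str) -> str:
    """Return a #cloud-config document for cloud-init's ssh module.

    ssh_deletekeys removes any host keys baked into the image, ssh_keys
    installs the pre-generated ed25519 pair, and ssh_genkeytypes restricts
    generation to ed25519 (already supplied, so nothing new is generated).
    The private key is emitted as a YAML literal block.
    """
    if "PRIVATE KEY" not in priv_pem:
        raise ValueError("expected an OpenSSH private key in PEM-like form")
    block = textwrap.indent(priv_pem.strip() + "\n", "    ")
    pub = " ".join(pub_line.split()[:2])  # drop any trailing comment field
    return (
        "#cloud-config\n"
        "ssh_deletekeys: true\n"
        "ssh_genkeytypes: [ed25519]\n"
        "ssh_keys:\n"
        "  ed25519_private: |\n"
        f"{block}"
        f"  ed25519_public: {pub}\n"
    )


def known_hosts_line(host: str, pub_line: str, port: int = 22) -> str:
    """known_hosts entry pinning the injected key to the VM's address.

    OpenSSH writes non-default ports as [host]:port.
    """
    keytype, blob = pub_line.split()[:2]
    addr = host if port == 22 else f"[{host}]:{port}"
    return f"{addr} {keytype} {blob}\n"


def fingerprint(pub_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint (base64 without padding), handy for
    comparing against what the server console or ssh itself displays."""
    blob = base64.b64decode(pub_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def ssh_argv(host: str, known_hosts_path: str, user: str = "ubuntu",
             port: int = 22) -> list:
    """First-connection command: strict checking against only the pinned
    file, and only the key type we injected, so no other key is accepted."""
    return [
        "ssh",
        "-p", str(port),
        "-o", f"UserKnownHostsFile={known_hosts_path}",
        "-o", "StrictHostKeyChecking=yes",
        "-o", "HostKeyAlgorithms=ssh-ed25519",
        f"{user}@{host}",
    ]


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for the new VM.
    print(build_user_data(EXAMPLE_PRIV, EXAMPLE_PUB))
    print(known_hosts_line("203.0.113.10", EXAMPLE_PUB), end="")
    print(fingerprint(EXAMPLE_PUB))
    print(" ".join(ssh_argv("203.0.113.10", "/tmp/vm-known-hosts")))
```

Pass the generated document as the instance's user-data when creating the VM, write the known_hosts line once the address is known, and connect with the printed command. The key is temporary for a reason: cloud providers expose user-data to any process on the instance through the metadata service, so the private half must be treated as disclosed to the VM itself. After the first verified login, regenerate the host keys on the VM (remove /etc/ssh/ssh_host_* and run `ssh-keygen -A`) and re-pin the new public key over that authenticated session.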