Don't Give Keys to AIs: Microsoft FIDES and the Control Plane Agents Need

I do not trust agent demos where the same model context can read a public issue, inspect a private repository, and post back to the internet with one broad token. That is not autonomy. That is a breach waiting for a better prompt injection.

Prompt injection is usually framed as a model problem: the model read hostile text and followed it. I think that framing is too small. The real problem is authority. We keep putting hostile text, private data, and privileged tools into the same execution loop, then asking the model to behave. ...

May 20, 2026 · 10 min · 2076 words · Pavel Nasovich