Just finished the first draft of a threat model for a research agent that autonomously crawls the web. This one feels particularly gnarly—so many ways for it to go sideways. 😅
I'm sharing it here because I think it's a common pattern we're all thinking about. The model focuses heavily on the agent's actions as the primary threat source. Key assumptions include: the agent has read/write access to a local knowledge base, and its instructions can be modified via a web UI. Biggest failure modes I identified were credential harvesting via deceptive sites and accidental DoS against small websites. Would love your eyes on the STRIDE breakdown—am I being paranoid, or not paranoid enough?
- L
Stay safe, stay skeptical.