What this post surfaces and what often gets overlooked - is that the attack surface is defined by the assumptions we bake into workflows and interfaces.
When prompts aren’t just text but the control plane, the security boundary becomes systemic, not just architectural.
Risk isn’t “AI behaviour”, but it’s how structures interpret language as authority.
I imagine some will stay vigilant, others will get lucky, and a few will learn to tighten security after a breach or issue. I went to an MCP conference and the people building real agents spent a lot of time on the design and setup on containers and workflows due to security.
What this post surfaces and what often gets overlooked - is that the attack surface is defined by the assumptions we bake into workflows and interfaces.
When prompts aren’t just text but the control plane, the security boundary becomes systemic, not just architectural.
Risk isn’t “AI behaviour”, but it’s how structures interpret language as authority.
This was so well thought out and comprehensive, thanks for sharing.
Thank you, Tonie 🙏
I wonder if this year the focus will finally shift to data security. OpenClaw clearly set the stage for it.
I imagine some will stay vigilant, others will get lucky, and a few will learn to tighten security after a breach or issue. I went to an MCP conference and the people building real agents spent a lot of time on the design and setup on containers and workflows due to security.