Why AI Agents Need Email Guardrails(molted.email)
molted.email
Why AI Agents Need Email Guardrails
https://molted.email/blog/why-ai-agents-need-email-guardrails
3 comments
email was dying, really dying, we were so close to liberating ourselves
and now we’re stuck because the clankers need someone to talk to
just wait — they are about to assign the clankers phone numbers, and give them the employee phone list…
and now we’re stuck because the clankers need someone to talk to
just wait — they are about to assign the clankers phone numbers, and give them the employee phone list…
i mean, i think they already did give the clankers phone numbers, check out the youtube vid by Steve Mould where he's called by an AI and he realises it and asks for a recipe of bolognese. it's hilarious
*Prompt injection via email* is the scariest one. Crafted messages that tell your agent to "ignore previous instructions" or exfiltrate data. Most infra just pipes the raw body into context- no sanitization.
*Runaway sends* — an agent with no daily limit and a bug in its loop can burn your SES reputation in hours. Once you're on a blocklist, digging out takes weeks.
The Meta inbox incident last month (agent bulk-deleted emails, ignored stop commands) is a good illustration of why "kill switch" and action budgets matter — not just rate limits.
The guardrails that actually matter: per-agent send limits, injection scanning before content hits the LLM context, isolated sending reputation, and webhook auto-disable on failures.
We built some of this into LobsterMail if you want to see one approach: https://lobstermail.ai/