HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sam_chenard

no profile record

comments

sam_chenard
·4 เดือนที่ผ่านมา·discuss
[dead]
sam_chenard
·4 เดือนที่ผ่านมา·discuss
[dead]
sam_chenard
·4 เดือนที่ผ่านมา·discuss
on the prompt injection via email problem — model choice helps but it's not the right layer to defend. you want to scan at ingestion, before the content ever hits context.

we built LobsterMail (lobstermail.ai) specifically for this. we're an email security team behind (palisade.email) and have been really obsessed with this problem for the last 6 months.

every inbound email gets scanned for 6 injection categories (boundary manipulation, role hijacking, data exfiltration attempts, obfuscated payloads, etc.) before it reaches the agent. the SDK exposes `email.isInjectionRisk` and `safeBodyForLLM()` which wraps untrusted content in boundary markers with a metadata header. the agent can make an informed decision rather than blindly consuming whatever lands in its inbox.

it's also agent-native — the agent self-provisions its own `@lobstermail.ai` address, no oauth app needed, no borrowing the user's gmail. big respect for agentmail too but give a shot to lobstermail if youre interested!
sam_chenard
·4 เดือนที่ผ่านมา·discuss
A few concrete failure modes worth naming:

*Prompt injection via email* is the scariest one. Crafted messages that tell your agent to "ignore previous instructions" or exfiltrate data. Most infra just pipes the raw body into context- no sanitization.

*Runaway sends* — an agent with no daily limit and a bug in its loop can burn your SES reputation in hours. Once you're on a blocklist, digging out takes weeks.

The Meta inbox incident last month (agent bulk-deleted emails, ignored stop commands) is a good illustration of why "kill switch" and action budgets matter — not just rate limits.

The guardrails that actually matter: per-agent send limits, injection scanning before content hits the LLM context, isolated sending reputation, and webhook auto-disable on failures.

We built some of this into LobsterMail if you want to see one approach: https://lobstermail.ai/