Why does the agent have your credentials? There's no need for that! I made one that doesn't:
I am building https://agentblocks.ai for just this; you set fine-grained rules on what your agents are allowed to access and when they have to ask you out-of-channel (e.g. via WhatsApp or Slack) for permissions, with no direct agent access. It works today, well, supports more tools than are on the website, and if you have any need for this at all, I’d love to give you an account: [email protected]
Works great with OpenClaw, Claude Cowork, or anything, really
This is the natural consequence of building everything around "the agent needs access to everything to be useful." The more capabilities you hand an agent, the larger the attack surface when it encounters a malicious page.
The simplest mitigation is also the least popular one: don't give the agent credentials in the first place. Scope it to read-only where possible, and treat every page it visits as untrusted input. But that limits what agents can do, which is why nobody wants to hear it.
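Both comments above describe the same pattern: the agent calls tools through a broker that holds the credentials, pre-authorizes read-only access, denies anything unmatched, and routes sensitive actions to a human over an out-of-band channel. The sketch below is an added illustration of that pattern, not code from the thread, from agentblocks.ai, or from any of the named products. The tool names (`repo.read`, `repo.delete`), the rule set, the placeholder credentials, and the `approver` callback standing in for a WhatsApp/Slack prompt are all constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Iterable, List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"  # run without asking
    ASK = "ask"      # run only after out-of-band human approval
    DENY = "deny"    # never run


@dataclass(frozen=True)
class Rule:
    tool: str                  # tool name the rule applies to
    decision: Decision
    resource_prefix: str = ""  # "" matches any resource; first matching rule wins


@dataclass(frozen=True)
class ToolCall:
    tool: str
    resource: str


@dataclass
class AuditEntry:
    call: ToolCall
    decision: Decision
    approved: Optional[bool]   # None when no approval was needed
    executed: bool


class CredentialBroker:
    """Holds credentials and policy on behalf of the agent.

    The agent only ever calls `invoke`; it never receives a token. Tool
    implementations are plain functions that are handed the credential by
    the broker at call time, so a prompt-injected page can at most request
    a tool call, which still has to pass policy (and possibly a human).
    """

    def __init__(self, rules: Iterable[Rule], secrets: Dict[str, str],
                 tools: Dict[str, Callable[[str, str], str]],
                 approver: Callable[[ToolCall], bool]):
        self._rules = list(rules)
        self._secrets = dict(secrets)   # tool name -> credential (never exposed)
        self._tools = dict(tools)       # tool name -> callable(credential, resource)
        self._approver = approver       # out-of-band channel; returns True to approve
        self.audit: List[AuditEntry] = []

    def decide(self, call: ToolCall) -> Decision:
        # First matching rule wins; anything unmatched is denied (least privilege).
        for rule in self._rules:
            if rule.tool == call.tool and call.resource.startswith(rule.resource_prefix):
                return rule.decision
        return Decision.DENY

    def invoke(self, call: ToolCall) -> Tuple[bool, Optional[str]]:
        decision = self.decide(call)
        approved = self._approver(call) if decision is Decision.ASK else None
        allowed = decision is Decision.ALLOW or approved is True
        result = None
        if allowed:
            credential = self._secrets[call.tool]  # stays inside the broker process
            result = self._tools[call.tool](credential, call.resource)
        self.audit.append(AuditEntry(call, decision, approved, allowed))
        return allowed, result


# Constructed stand-ins for real tool integrations (placeholder behaviour only).
def _read_repo(credential: str, resource: str) -> str:
    # The credential is consumed here; the returned text never includes it.
    return f"contents of {resource}"


def _delete_repo(credential: str, resource: str) -> str:
    return f"deleted {resource}"


def build_demo_broker(approver: Callable[[ToolCall], bool]) -> CredentialBroker:
    rules = [
        Rule("repo.read", Decision.ALLOW),                 # read-only is pre-authorized
        Rule("repo.delete", Decision.DENY, "org/prod-"),   # production is never deletable
        Rule("repo.delete", Decision.ASK),                 # anything else needs a human
    ]
    secrets = {"repo.read": "READONLY_TOKEN_PLACEHOLDER",
               "repo.delete": "ADMIN_TOKEN_PLACEHOLDER"}
    tools = {"repo.read": _read_repo, "repo.delete": _delete_repo}
    return CredentialBroker(rules, secrets, tools, approver)


if __name__ == "__main__":
    broker = build_demo_broker(lambda call: False)  # simulate a human declining
    for call in (ToolCall("repo.read", "org/app"),
                 ToolCall("repo.delete", "org/prod-db"),
                 ToolCall("repo.delete", "org/scratch"),
                 ToolCall("shell.exec", "anything")):
        print(call, broker.invoke(call))
    for entry in broker.audit:
        print(entry)
```

The ordering of rules matters: the prefix-scoped deny for `org/prod-` sits before the catch-all `ASK`, so a production delete is refused without even bothering the human, while an unknown tool such as `shell.exec` falls through to the default deny. The audit list is what you would ship to your SIEM; every call, including denied ones, is recorded with the decision and whether a person approved it.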