ATRIUMsearch → argument graph
ExampleAudio · 18:11 — 19:41

Simple yes/no allow-lists for agent tool permissions can't capture real risk; agent security needs stateful, contextual policies that track session history so a combination of individually-fine actions can be blocked when risky together.

Matei explains that binary tool-permission rules fail because actions that are fine alone (reading a doc, installing a package) become dangerous in combination via prompt injection, so Omnigent tracks session state to make contextual security decisions. ✦ AI generated

Matei Zaharia · Latent Space · 2026-06-24 · original ↗

plays this moment only · 18:11 — 19:41

Elicited by

what have you found there?

should my agent be able to read, some confidential documents, or let's say, should it be able to install new packages from npm, which, maybe it's compromised. Yes or no? Like, maybe I wanna allow it. Should my agent be able to publish stuff to the company website? Well, if I'm using it to code on the website, yes. But should it be able to do both, so it can, like grab a confidential document and be prompt injected and leak it? Probably not.

verbatim transcript · starts at 18:11

Transcript · around this moment

18:03Agent Security, Governance, and Spend Controls

Related moments