Google and Meta researchers jointly speak out: AI Agent security is not a model problem, it's a system problem
動區 BlockTempo · 2026-05-26 09:48:40


Original title: Google、Meta 研究員聯手喊話:AI Agent 安全不是模型問題,是系統問題
Researchers from Google, Meta, and academic experts have jointly published a paper arguing that security protection for AI Agents should not rely solely on enhancing model capabilities, but should establish a defensive architecture at the system level, treating the AI as an "untrusted component."

(Background: SlowMist column: Is entrusting funds to a "lobster" AI Agent really safe? Joint Bitget report reveals five major risks)
(Context: PrimePiper: A prime broker for AI agent trading, enabling AI agents to safely trade in global markets)

"Agent Security is a Systems Problem," co-authored by researchers from Google, Gray Swan AI, EmbraceTheRed, and several universities, analyzes various attack cases and proposes three key mechanisms that can effectively eliminate a large number of AI Agent attacks. The paper, revised and released on May 20, points out that the industry's current mainstream approach to improving the robustness of AI Agents is to "make models more powerful," but this method alone is insufficient. The research team believes that AI Agent security should borrow principles and techniques that have been validated over decades in the field of computer security.

The core argument of the paper is: "Through this lens, while efforts to improve model robustness are important, they cannot solve the problem alone. We must complement existing efforts with techniques from the field of systems security." The research team further explains: "We treat Agent security as an instance of computer security. This field has long dealt with powerful attackers and has inspired decades of research into principles and techniques for confronting these adversaries."

After analyzing multiple attack cases, the research team proposes three mechanisms that can eliminate a large number of attacks.

First, AI Agents should clearly distinguish between "instructions" and "untrusted data." In many cases, AI Agents mix instructions and data from the same source, allowing attackers to hide malicious instructions within data and cause the Agent to make incorrect judgments.

Second, AI Agents should adhere to the "principle of least privilege." Agents should not have full access by default, but only the minimum permissions required to execute a task. When an AI Agent executes trades, checks balances, or queries information, each action should use the corresponding permission level.

Third, the system should actively control the flow of sensitive information. Rather than letting the AI Agent itself decide where to send data, higher-level systems should set rules that ensure sensitive information is not sent to insecure destinations.

On the same day the paper was released, AI cryptocurrency trading assistant Bankr announced a suspension of trading after discovering that at least 14 wallets had been compromised by attackers. Security experts speculate that the AI bot may have been exploited by hackers.

Aaron Ratcliff, Head of Attribution at Merkle Science, pointed out last year that from a security perspective, allowing AI Agents to access wallets amounts to adding a layer of trust to a system that was designed to be trustless: "If you hand your wallet to an AI, you've added another layer of trust. It's only safe when the system is designed correctly." Ratcliff emphasized that AI Agents should have the following capabilities before executing trades: catching front-running, setting slippage caps, identifying scam tokens, and auditing smart contracts in real time, while also sandboxing prompts, preventing injection, and blocking man-in-the-middle access.

The application of AI Agents in the cryptocurrency space is growing rapidly. Circle co-founder and CEO Jeremy Allaire predicted in January this year that within five years, billions of AI Agents will execute trades and tasks on behalf of users. Currently, AI Agents are used to build Web3 applications, issue tokens, and autonomously interact with services and protocols, and some platforms have begun to explore AI applications in trading. Solana also recently hosted an AI hackathon, attracting 12 new AI Agent project entries.

Sean Ren, co-founder of AI-native blockchain platform Sahara AI, believes that the Model Context Protocol (MCP), if configured correctly, is the gold standard for security, but users should still pay attention to every action executed by AI Agents. Ren stated: "MCP essentially acts as a gatekeeper between the AI model and your wallet. Agents can only execute specific, approved actions, such as checking balances or preparing payments for your confirmation, rather than freely moving funds or changing wallet settings."

Taiwan's cryptocurrency market is actively integrating AI Agent technology, with multiple local wallets and exchanges having launched AI-assisted trading features in 2025. As the number of AI Agents grows exponentially, establishing security protection at the system level will become a critical infrastructure issue. This research reminds us that AI Agent security is not a matter of "the stronger the model, the better," but of "the more complete the system architecture, the safer it is." In the future, when billions of AI Agents operate simultaneously, system-level security design will determine the stability of the cryptocurrency market.
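To make the paper's three mechanisms concrete, here is an added example of a harness-side policy layer around an agent's tool calls (my own illustration, not code from the paper, from BlockTempo, or from any product named above). The tool names, task capability sets and sink names are assumptions chosen to match the article's wallet scenario.

```python
from dataclasses import dataclass

# Hypothetical task-scoped capability sets: a session gets only the tools
# its task needs (least privilege), decided by the harness, not the model.
TASK_CAPS = {
    "check_balance": {"get_balance"},
    "trade": {"get_balance", "get_quote", "submit_order"},
}
SENSITIVE_TOOLS = {"get_balance"}               # outputs labelled sensitive
TRUSTED_SINKS = {"user_console", "audit_log"}   # where sensitive data may flow


@dataclass
class ToolResult:
    tool: str
    text: str
    sensitive: bool


class PolicyError(Exception):
    pass


class AgentGuard:
    """System-level policy layer wrapped around an agent's tool calls."""

    def __init__(self, task: str):
        self.caps = TASK_CAPS[task]
        self.data: list[ToolResult] = []

    def call_tool(self, name: str, run) -> ToolResult:
        # Mechanism 2: the task's capability set gates every call, whatever
        # the model (or text it has read) proposes.
        if name not in self.caps:
            raise PolicyError(f"{name} not permitted for this task")
        res = ToolResult(name, run(), name in SENSITIVE_TOOLS)
        self.data.append(res)
        return res

    def context_block(self) -> str:
        # Mechanism 1: tool output re-enters the model context as fenced,
        # labelled DATA; only the user turn carries instructions.
        return "\n".join(f"<data tool={r.tool}>{r.text}</data>" for r in self.data)

    def send(self, sink: str, payload: str) -> bool:
        # Mechanism 3: the harness, not the model, decides where sensitive
        # tool output may flow; untrusted sinks are refused.
        leaks = any(r.sensitive and r.text in payload for r in self.data)
        if leaks and sink not in TRUSTED_SINKS:
            raise PolicyError(f"sensitive data blocked from sink {sink}")
        return True
```

The substring check in `send` is a deliberately simple taint rule; a production harness would carry labels with the data rather than matching text.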