• unop 18 hours ago

    Tool calls with middleware. If you deploy an agent into a production system, you design it to use a curated whitelist of bespoke tool calls against services in your stack.

    Also, you should never connect an agent directly to a sensitive database server or an order/fulfillment system, etc. Rather, you'd use a "middleware proxy" to arbitrate the requests, consult with a policy engine, log processing context, etc. before relaying the requests on to the target system.

    Also consider subtleties in the threat model and types of attack vectors: how many systems the agent(s) connect to concurrently. See the lethal trifecta https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
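Added example (not from the thread): a minimal Python tool-call middleware of the kind described above, with an allowlist, a policy function that returns allow/deny/review, a review queue for the human-in-the-loop case, and an audit log written before anything is relayed. The tool names, the refund threshold and the `untrusted_input` context flag are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed stand-ins for backend services (hypothetical; no real stack behind them).
ORDERS = {"A100": {"status": "shipped", "total": 40.0}}

def lookup_order(order_id: str) -> dict:
    return dict(ORDERS.get(order_id, {"status": "unknown"}))

def refund_order(order_id: str, amount: float) -> dict:
    return {"order_id": order_id, "refunded": amount}

# The agent may only call what is registered here; anything else is rejected.
ALLOWLIST: dict[str, Callable[..., Any]] = {
    "lookup_order": lookup_order,
    "refund_order": refund_order,
}

REFUND_REVIEW_THRESHOLD = 100.0  # assumed policy value, not from any real deployment

def policy(tool: str, args: dict, ctx: dict) -> str:
    """Return 'allow', 'deny' or 'review' (human in the loop) for one request."""
    if tool not in ALLOWLIST:
        return "deny"
    # Actions that move money or goods need a person to approve above a threshold.
    if tool == "refund_order" and float(args.get("amount", 0)) > REFUND_REVIEW_THRESHOLD:
        return "review"
    # Conservative cut at the 'lethal trifecta': once the agent has ingested untrusted
    # content this turn, only read-only tools run unattended (assumed ctx flag).
    if ctx.get("untrusted_input") and tool != "lookup_order":
        return "review"
    return "allow"

@dataclass
class Middleware:
    audit: list = field(default_factory=list)
    review_queue: list = field(default_factory=list)

    def dispatch(self, tool: str, args: dict, ctx: dict) -> dict:
        decision = policy(tool, args, ctx)
        # Log the decision and processing context before relaying anything.
        self.audit.append({"tool": tool, "args": args, "ctx": ctx, "decision": decision})
        if decision == "deny":
            return {"error": f"tool {tool!r} is not permitted"}
        if decision == "review":
            self.review_queue.append({"tool": tool, "args": args, "ctx": ctx})
            return {"status": "pending_human_review"}
        return ALLOWLIST[tool](**args)
```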

    • chrisjj a day ago

      If one asked the same about any other kind of program that was known to be likely to produce incorrect and damaging output, the answer would be obvious. Fix the program.

      It is instructive to consider why the same does not apply in this case.

      And see https://www.schneier.com/blog/archives/2026/01/why-ai-keeps-... .

      • throw03172019 a day ago

        Human in the loop for certain actions.

        • chrisjj a day ago

          But how do you get the bot to comply?