In as much as possible, I make it write RO tools with keys in vaults, then verify the tools are RO, then have it operate the tools with the vaults in a way that it doesn’t need to read the creds.
If I have the time, I do it all myself, but I don’t often have time.
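The pattern above (read-only tools, credentials fetched from a vault inside the tool, the model never handling the secret) as an added example; this is not the commenter's code, and the in-memory vault, the `billing_backend` stub and the verb names are constructed assumptions standing in for a real secrets manager and client:

```python
from dataclasses import dataclass
from typing import Callable

# Constructed in-memory vault standing in for a real secrets manager (assumption).
VAULT = {"billing-db-ro": "s3cr3t-readonly-token"}

# Verbs the gateway treats as read-only; anything else is refused at registration.
READ_ONLY_VERBS = frozenset({"get", "list", "describe", "select"})

@dataclass(frozen=True)
class Tool:
    name: str
    vault_ref: str                               # key in the vault, never the secret itself
    verbs: frozenset
    backend: Callable[[str, str, dict], str]     # (secret, verb, args) -> output

def register_tool(name: str, vault_ref: str, verbs: set, backend) -> Tool:
    """Verification step: a tool that asks for any non-read verb is not registered."""
    extra = set(verbs) - READ_ONLY_VERBS
    if extra:
        raise ValueError(f"{name}: non-read-only verbs requested: {sorted(extra)}")
    return Tool(name, vault_ref, frozenset(verbs), backend)

def invoke(tool: Tool, verb: str, args: dict) -> str:
    """Agent-facing entry point: the agent supplies a verb and args, never a credential.
    The secret is resolved from the vault here and scrubbed from whatever comes back."""
    if verb not in tool.verbs:
        raise PermissionError(f"{tool.name}: verb {verb!r} is not permitted")
    secret = VAULT[tool.vault_ref]
    output = tool.backend(secret, verb, args)
    return output.replace(secret, "[REDACTED]")

def billing_backend(secret: str, verb: str, args: dict) -> str:
    """Constructed stand-in for a client that can read *and* write; the gateway above
    is what keeps the write path unreachable. Echoes the token to show the redaction."""
    if secret != VAULT["billing-db-ro"]:
        return "auth failed"
    if verb == "get":
        return f"customer {args['customer_id']}: balance=42.00 (auth {secret})"
    if verb == "delete":
        return f"deleted customer {args['customer_id']}"
    return "unknown verb"

# The only handle the agent is given: a tool name plus a read-only verb set.
billing_lookup = register_tool("billing_lookup", "billing-db-ro", {"get", "list"}, billing_backend)

if __name__ == "__main__":
    print(invoke(billing_lookup, "get", {"customer_id": 7}))
```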
Nothing. If it’s Google operated it’s probably full of issues. They are in the process of merging Gemini into their search engine, probably because not enough people are using it and they need to force it on people.
Likewise for other chat bots from other companies.
So is Gemini the only one of these things competently designed?
I wouldn’t count on it.
Securing these things is a freaking nightmare.
Giving the AI authority is what makes it powerful; it can do what an army of customer service agents can’t.
But keeping it reined in then becomes the same exact level of problem.
The best thing you can do is make tooling with protection and make the AI only use the tooling.
Just don’t allow it any administrative access.
How on earth did you come to that conclusion from this article?
What have they done right?