Even then, we're stuck with the root problem of LLM-based agents (i.e. the ones everyone is trying to use these days) being fundamentally untrustworthy and prone to going rogue.