by tuo-lei 19 days ago
allowlisting breaks once the agent has messaging tools. you can deny all outbound from the agent, but if it can post to teams or slack or email, link previews will fetch whatever URL the injection puts in. messaging is usually the first tool anyone adds to an enterprise agent so you end up with strict network controls that don't actually prevent anything.
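One mitigation for the gap the comment describes, as an added example (not part of the comment or any product's code): apply the egress allowlist to URLs inside the text the agent hands to its messaging tool, and defang the rest so the chat platform has nothing to fetch for a preview. `ALLOWED_HOSTS`, the function names and the sample hosts are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the deployment already allows for direct agent egress.
ALLOWED_HOSTS = {"docs.example.com", "wiki.example.com"}

# http(s) URLs plus bare "www." links, which chat clients also auto-link.
URL_RE = re.compile(r"""(?i)\b(?:https?://|www\.)[^\s<>"')\]]+""")


def host_allowed(url: str) -> bool:
    """True only if the URL's host is exactly on the allowlist."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Reject userinfo forms such as https://docs.example.com@other.host/
    if not host or parts.username or parts.password:
        return False
    return host in ALLOWED_HOSTS


def defang(url: str) -> str:
    """Rewrite a URL so clients neither auto-link nor unfurl it."""
    return url.replace("://", "[://]").replace(".", "[.]")


def filter_outbound(text: str):
    """Return (safe_text, blocked_urls) for a message the agent wants to send."""
    blocked = []

    def repl(match):
        url = match.group(0)
        if host_allowed(url):
            return url
        blocked.append(url)  # log or alert on these: possible injection
        return defang(url)

    return URL_RE.sub(repl, text), blocked
```

Run this in the messaging tool wrapper, outside the model's control, so every channel (chat, email, tickets) passes through it. Entries in `blocked_urls` are worth alerting on, since a non-allowlisted URL carrying data in its path or query is the pattern the comment warns about.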