Agentic LLM apps come with a glaring security flaw: they can't tell the difference between data and code. That blind spot opens the door to prompt injection and similar attacks.
The fix? Treat them like they're radioactive. Run sensitive tasks in containers. Break up agent workflows so they never juggle all three parts of the “Lethal Trifecta”: sensitive data, untrusted input, and outbound access. And for now, keep humans in the loop - every loop.
