# Threat model (draft)

## Assets to protect

- host filesystem and secrets
- network access and credentials
- tool side effects (writes, API calls, deletes)
- user data and memory stores
- audit and provenance integrity

## Adversaries / failure modes

- prompt injection leading to unsafe tool usage
- malicious tool plugins
- hallucinated or forged tool outputs
- data exfiltration via tool channels
- runaway cost due to repeated retries/loops

## Strategy

- least authority via capabilities
- isolation domains for tool execution
- policy gate for side effects
- provenance for every tool call and memory commit
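
Added sketch of how three of the strategy points fit together (capability-based least authority, a single policy gate for side effects, and a hash-chained provenance log); this is illustrative code written for this draft, not the project's implementation. It assumes hypothetical tool names, a per-tool table of effect classes, and that every request reaching the gate is tagged with its origin (`user` for the principal's instructions, `tool_output` for text the model read back from a tool), which is what lets the gate refuse side effects driven by injected content.

```python
import hashlib
import json
from dataclasses import dataclass

# Hypothetical tool registry: the side-effect classes each tool can cause.
# The gate trusts this table, never the model's own description of a tool.
TOOL_EFFECTS = {
    "read_file": frozenset({"read"}),
    "write_file": frozenset({"write"}),
    "delete_file": frozenset({"write", "delete"}),
    "http_get": frozenset({"network"}),
}

@dataclass(frozen=True)
class Capability:
    """Explicit grant: one tool and the effect classes the holder may exercise."""
    tool: str
    effects: frozenset

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class PolicyGate:
    """Single choke point every tool call passes through (assumed design)."""
    GENESIS = "0" * 64

    def __init__(self, caps):
        self.caps = {c.tool: c.effects for c in caps}
        self.log = []              # append-only, hash-chained provenance
        self.prev = self.GENESIS

    def call(self, tool, args, origin):
        """origin: 'user' for the principal's own instructions, 'tool_output'
        for text the model read back from a tool result."""
        needed = TOOL_EFFECTS.get(tool)
        # least authority: unknown tools and ungranted effect classes are refused
        allowed = needed is not None and self.caps.get(tool, frozenset()) >= needed
        # injection defence: untrusted content may not trigger side effects
        if allowed and origin != "user" and needed - {"read"}:
            allowed = False
        entry = {"tool": tool, "args": args, "origin": origin,
                 "allowed": allowed, "prev": self.prev}
        entry["hash"] = _digest(entry)
        self.log.append(entry)
        self.prev = entry["hash"]
        return allowed

def verify_chain(log):
    """Recompute the chain; an edited, dropped or reordered entry breaks it."""
    prev = PolicyGate.GENESIS
    for entry in log:
        if entry["prev"] != prev or _digest(entry) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```

Refused calls are logged as well, so the provenance record shows what the model attempted and not only what was executed.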