AI Agent Security: "Lethal Trifecta" Now Baseline Risk
Summary
A security warning about AI agents, known as the "lethal trifecta," now describes what is considered baseline operation for all AI. This means agent security is no longer about architecture.

The lethal trifecta describes three capabilities in an AI agent: access to private data, exposure to untrusted content, and the ability to communicate externally. When combined, these create a path for exploitation, such as indirect prompt injection. Originally, an agent with only one or two of these capabilities was considered lower risk.

However, current AI agents, such as customer support or email AI, now commonly exhibit all three. For example, a support agent reads customer records, ingests user messages, and calls external systems. This makes the lethal trifecta a default configuration rather than a sign of elevated risk. The capabilities that make an AI agent useful also push it into what was once considered dangerous territory. The bottom line is that the architectural cost of usefulness now involves these previously risky combinations.
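The combination described above, as an added example that is not part of the original article: a Python check that maps an agent's tools to the three capabilities and finds the tool call at which a session first holds all three. The tool names and the tool-to-capability mapping are constructed assumptions.

```python
# Added illustration; tool names and capability mapping are constructed assumptions.
PRIVATE, UNTRUSTED, EXTERNAL = "private_data", "untrusted_content", "external_comms"
TRIFECTA = frozenset({PRIVATE, UNTRUSTED, EXTERNAL})

# Hypothetical tools -> trifecta legs each one grants (one tool can grant two).
TOOL_LEGS = {
    "crm.read_customer": {PRIVATE},
    "inbox.read_message": {UNTRUSTED},
    "web.fetch": {UNTRUSTED, EXTERNAL},
    "http.post_webhook": {EXTERNAL},
    "kb.search_internal": set(),
}

# Constructed agents: the support agent from the summary, and a narrower one.
SUPPORT_AGENT = ["crm.read_customer", "inbox.read_message", "http.post_webhook"]
SUMMARIZER = ["inbox.read_message", "kb.search_internal"]


def audit_manifest(tools):
    """Static view: which tools supply each leg, and whether all three are present."""
    by_leg = {leg: sorted(t for t in tools if leg in TOOL_LEGS.get(t, ()))
              for leg in sorted(TRIFECTA)}
    # Tools missing from the mapping are reported, not silently treated as safe.
    unknown = sorted(t for t in tools if t not in TOOL_LEGS)
    return {"by_leg": by_leg, "unknown": unknown, "complete": all(by_leg.values())}


def first_completing_call(trace):
    """Runtime view: index of the call at which a session first holds all three legs."""
    held = set()
    for i, tool in enumerate(trace):
        held |= TOOL_LEGS.get(tool, set())
        if held >= TRIFECTA:
            return i
    return None


if __name__ == "__main__":
    for name, tools in (("support", SUPPORT_AGENT), ("summarizer", SUMMARIZER)):
        print(name, audit_manifest(tools))
    trace = ["inbox.read_message", "crm.read_customer", "kb.search_internal", "http.post_webhook"]
    print("trifecta completed at call", first_completing_call(trace))
```

The static audit shows which tool supplies each capability; the trace check shows the point in a session where the third one arrives.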
This is an AI-generated audio summary. Always check the original source for complete reporting.