February 17, 2026 Read on martinfowler.com
5.1

Agentic Email

AI & LLMs, Architecture, Technical Leadership

Fowler warns against the growing trend of people using LLM agents to manage their email accounts autonomously. While acknowledging the appeal of offloading email drudgery, he argues that email represents a perfect instance of Simon Willison's 'Lethal Trifecta': untrusted content, sensitive information, and external communication capability. He notes that password-reset workflows through email make this especially dangerous. He suggests a mitigation approach of sandboxing the agent with read-only access and no internet connectivity, accepting reduced capability as the price of security.

Giving an LLM agent access to your email creates a perfect storm of security risks — untrusted content, sensitive data, and external communication — that no amount of convenience justifies without rigorous sandboxing.
  • 5

    Email is the nerve center of my life. There's tons of information in there, much of it sensitive.

  • 7

    An agent working on my email has oodles of context - and we know agents are gullible.

  • 6

    Direct access to an email account immediately triggers The Lethal Trifecta: untrusted content, sensitive information, and external communication.

  • 4

    I'm hearing of some very senior and powerful people setting up agentic email, running a risk of some major security breaches.

  • 5

    How easy is it to tell an agent that the victim has forgot a password, and intercept the process to take over an account?

  • 4

    Just because attackers aren't hammering on this today, doesn't mean they won't be tomorrow.

  • 5

    I may be being alarmist, but we all may be living in a false sense of security.

cautionary