Comment by tgv

13 hours ago

From what I understood at [1], Context.ai users "enable AI agents to perform actions across their external applications, facilitated via another 3rd-party service." I.e., it's designed to get someone's OAuth token and use it. Unless that is done really carefully, the risks are as high as the user's authorization goes. The danger doesn't only come from leaks, but also from agents, that can clear your db or directory at a whim.

[1] https://context.ai/security-update

1 comment

tgv

steve1977 12 hours ago

Oof. So much incompetence at so many levels. It's scary.