Comment by threecheese
20 hours ago
Per their docs they have both “account” tokens and role-based tokens; the former have wide latitude (and might be used for DNS or root-access type stuff), while the latter are intended to be used for maintenance and have strong security boundaries. OP gave access to the former type without realizing it.
In most orgs, those would be behind some escalation control. Unless the token creator didn’t know what they were doing/creating, which tracks for a non-expert.
"which tracks for a non-expert"
So all agents then...because if you are an expert at a specific system, using an LLM probably slows you down, not speeds you up.
PS The article seems to imply that the token the LLM was given was a role-based token. It then found ANOTHER token and used that instead.