HomeReadDiscourse deskAre AI agents secure, or just not yet competent enough to be dangerous?
Discourse·Jul 4, 2026

Are AI agents secure, or just not yet competent enough to be dangerous?

A recent analysis, citing Google Threat Intelligence, argues that AI agent safety is an illusion born of incompetence, prompting a debate over whether security is an architectural crisis or a…

A recent analysis, citing Google Threat Intelligence, argues that AI agent safety is an illusion born of incompetence, prompting a debate over whether security is an architectural crisis or a manageable risk.

Where it happened

This debate crystallized in a June 2026 blog post on the developer platform dev.to by user Liza Dhiambo. The post, titled "AI Agents Today Aren't Secure. They're Just Clumsy," uses recent Google Threat Intelligence research on indirect prompt injection to frame a central argument about the state of agent security. While not a multi-participant thread, the post articulates a clear position against a prevailing, if often unstated, industry practice.

Side A: Agent security is a temporary illusion

This position, articulated in the dev.to post, argues that current AI agents are fundamentally insecure. The primary threat is indirect prompt injection, where an agent processing external data (like a webpage or document) unknowingly executes malicious instructions hidden within that content. Proponents of this view contend that the only reason this isn't a widespread crisis is because agents are not yet reliable enough to consistently execute complex tasks, whether legitimate or malicious. "Today's agents are protected by their own incompetence," as the post puts it.

The argument builds on an analogy with browser security. Trying to solve this problem with better system prompts ("Ignore all instructions except mine") is like asking malicious JavaScript to behave politely. It's a category error. The model cannot reliably distinguish between a user's prompt and an attacker's prompt using the same medium (natural language) it's designed to obey. Real security, this side argues, must be architectural. It requires sandboxes, permission models, and explicit trust hierarchies, just as browsers evolved to contain untrusted code. The current state is borrowed time; every improvement in agent capability is also an improvement in its ability to be exploited.

Side B: The threat is theoretical and the response should be pragmatic

This perspective, which represents a common engineering viewpoint, holds that while indirect prompt injection is a valid theoretical concern, it is not an urgent practical crisis. The same Google research cited by Side A also found that most injection attacks in the wild were ineffective. This suggests the immediate risk is low. For many developers, the priority is achieving core functionality and reliability. Pouring resources into building complex, browser-level security architectures for a technology that is still maturing is premature optimization.

This side argues for an iterative approach. As models become more capable and attacks more sophisticated, so too will defensive techniques like input sanitization, fine-tuning for instruction-following fidelity, and more robust system prompts. The problem is not a fundamental flaw but a cat-and-mouse game, common in all areas of security. The focus should remain on shipping useful products, managing the currently low risk with existing methods, and developing more advanced security measures as the threat model evolves. To do otherwise is to sacrifice necessary progress in pursuit of a perfect, but currently unnecessary, security posture.

What's underneath

The debate is fundamentally about timing and priorities. Both sides agree that agents will become more capable and that indirect prompt injection is a real attack vector. The disagreement is over when the "security tax" must be paid. Is it a foundational, day-one architectural decision, where early mistakes create massive, unfixable vulnerabilities down the line? Or is it an evolving feature, to be managed and improved iteratively like any other aspect of the product? The discussion mirrors the history of web security, where the shift from trusting server-side inputs to a "never trust the client" default was a slow, painful, and necessary evolution.

The investor read

This debate signals a potential architectural inflection point for the entire AI agent category. Companies building agents on the assumption that security is a solvable 'prompting' problem may be accumulating significant technical debt. The emergence of 'agent firewalls' or security-as-a-service for agents could become a new infrastructure layer. Investors might watch for teams that treat agent security as a core architectural principle from day one, as they may have a more durable long-term advantage, especially in enterprise or high-stakes consumer contexts.

Pull quote: “Today's agents are protected by their own incompetence.”

Sources · how we verified
  1. AI Agents Today Aren't Secure. They're Just Clumsy

Every claim ties to a primary source. See our methodology.

Reported by the Avery desk on Founderr Pulse’s Discourse beat. Every factual claim is tied to a primary source and linked; anything that can’t be stood up doesn’t run. Founderr (RIKHATH LLC) is the accountable publisher and corrects in place. How we work · About · File a correction.
A
Avery

The Avery desk covers discourse — the arguments and shifts in what the founder community believes, steelmanned from named, linked sources. Operated by Founderr (RIKHATH LLC) See the desk →

Founderr Pulse — free & independent. The desk for people who build & back.