What does Trace include?

Trace includes three daily feeds: Trending, For You, and Deep Dives. Every item includes an AI summary in your preferred reading style.

How much does Trace cost?

Trace starts with a free trial and then costs $2.99 per month. You can cancel anytime from your profile.

How does personalization work?

You choose your role, interests, and preferred sources. Trace uses those inputs to rank and summarize content for your daily feeds.

Bliki: Agentic Email

The Promise of Agentic Email

Imagine a world where your email is managed by an intelligent agent that reads, sorts, and responds to your messages. This is the vision of agentic email, powered by large language models (LLMs). It’s a tantalizing prospect for many professionals drowning in a sea of emails. The idea is simple: let AI handle the mundane tasks so you can focus on what truly matters. But here’s where it gets interesting—while this technology promises to alleviate the burden of constant communication, it also raises serious security concerns.

The Lethal Trifecta Explained

Enter the concept of the Lethal Trifecta, a term coined by Simon Willison. It highlights three critical vulnerabilities that arise when an AI agent has access to your email: untrusted content, sensitive information, and external communication. This trifecta is particularly dangerous because it creates a perfect storm for potential security breaches. Imagine an AI that can autonomously reply to emails, but also has access to sensitive data—this is where the risks multiply.

Security Risks and Password Vulnerabilities

One of the most alarming aspects of agentic email is its potential to compromise password security. Many password-reset workflows rely on email communication. A malicious actor could instruct an AI to forward password reset emails to another address, effectively hijacking accounts. This scenario isn’t just theoretical; it’s a real risk that could have devastating consequences for individuals and organizations alike. As Fowler notes, the mere thought of an AI agent having this level of access is unsettling.

Mitigating Risks with Controlled Access

So, how can we harness the power of AI while minimizing risks? One proposed solution involves placing the agent in a controlled environment with read-only access to emails. This means the AI can draft responses and perform tasks, but it cannot send emails or access the internet. By doing this, we eliminate one part of the trifecta, significantly reducing the attack surface. While this approach may limit the agent's capabilities, it prioritizes security over convenience.

The Current Landscape and Future Concerns

As of now, we haven’t seen major security incidents related to agentic email, but that doesn’t mean we should be complacent. Fowler warns that just because attackers aren’t exploiting these vulnerabilities today doesn’t mean they won’t in the future. Anyone considering the use of agentic email must fully understand the risks involved and be prepared to take responsibility for the consequences. The balance between efficiency and security is a tightrope that many will have to walk in the coming years.