The Modern AI Developer
Don't Let AI Cause Trouble: Testing & Security
Your Agent reads email, clicks links, calls tools, runs code—the more it can do, the more ways it can cause trouble. This level explains it all in the most everyday terms: how someone can trick your Agent with a single sentence (prompt injection), why secrets must never go into the prompt, why you can't fully trust the AI when it says 'security scan passed,' and how to back up the AI's output with automated tests plus human review. By the end you'll have a whole set of 'don't let AI cause trouble' defensive instincts.
Unit 1
Insure Your AI
Around the four typical risks of an Agent—prompt injection, secret leaks and SSRF, blindly trusting the AI's security verdict, and output with no safety net—build a defensive mindset for each one.
- 1. One Sentence Can Trick Your Agent (6 Q). Prompt injection: smuggled instructions, indirect injection, and least privilege.
- 2. Don't Put Secrets in the Prompt, and Don't Let It Roam (6 Q). Credential / secret leaks and SSRF in plain words.
- 3. When AI Says 'Security Scan Passed,' Don't Fully Trust It (6 Q). False negatives: passing a scan doesn't mean it's actually safe.
- 4. Double-Insure the AI's Output (6 Q). Automated tests + human verification together as a safety net.
