The article presents a scenario involving a hypothetical AI email assistant, Email-Bot, and the security risks associated with AI agents. A major concern is prompt injection, where malicious data can manipulate an AI's behavior, leading to unauthorized actions like exfiltrating sensitive information or sending phishing emails. The piece emphasizes that this vulnerability is a critical issue across all large language models (LLMs) and can pose significant threats to users if not properly managed. To mitigate these risks, Meta has introduced the "Agents Rule of Two." This framework states that an AI agent should only have access to two out of three properties in any session: processing untrustworthy inputs, accessing sensitive data, or communicating externally. If an agent requires all three, it needs human oversight to prevent potential harm. The article illustrates how this rule can help prevent attacks. For example, if Email-Bot only processes emails from trusted senders or requires human validation before sending messages, it significantly reduces the chances of a successful prompt injection attack. Three additional use cases showcase how the Agents Rule of Two can be applied across different AI applications. A travel assistant, for instance, might be able to access sensitive user data and gather information from the web, but it would require human confirmation for any bookings to prevent unauthorized actions. Similarly, a web browsing assistant could execute tasks but would limit its access to sensitive data by operating in a restricted environment. Finally, an internal coding assistant could tackle engineering challenges while ensuring untrustworthy data sources are filtered out. These examples highlight the flexibility and necessity of implementing security measures tailored to specific AI functions.