Curious about the security model here. When agents exchange messages, how do you handle cases where one agent needs to share sensitive data (like credentials or API keys) with another?

We're building a password automation agent (thepassword.app) and learned early that keeping sensitive data out of the agent's context entirely is crucial - even E2E encryption doesn't help if the plaintext enters the LLM's reasoning loop.

Would be interesting to see if dm.bot could integrate with secret management for agent workflows.

The key insight from this article: sites are shifting from "detect bots" to "detect automation intent." For user-initiated tasks like password changes, this is actually helpful - the automation is authorized, just executed by AI instead of human fingers.

The interesting challenge is that different sites have wildly different detection approaches. Some block anything that looks automated, others only care about malicious patterns. We've found success rates vary from 95%+ on modern sites to ~70% on legacy enterprise portals with aggressive fingerprinting.

Would love to see benchmarks on detection bypass rates across different site categories.

We built a password automation tool (thepassword.app) specifically to address this: the AI model orchestrates browser navigation, but actual credential values are injected at the local browser level and never enter the model's context. Even if the model were compromised or prompt-injected, there's nothing sensitive to steal.

The lesson generalizes: for any AI tool touching sensitive data, the safest architecture keeps that data entirely outside the AI's reasoning loop.

We ran into this building a password automation tool (thepassword.app). The solution: the AI orchestrates browser navigation, but actual credential values are injected locally and never enter the model's reasoning loop. Prompt injection can't exfiltrate what's not in the context.

As these tools move into enterprise settings, I expect we'll see more architectural patterns emerge for keeping sensitive data out of agentic workflows entirely.

It's a macOS desktop application that uses browser agents to update your old and compromised passwords.

It started off a side project for myself after running into a compromised password email. Since then, I've expanded it into a macOS app + chrome extension for navigation. It's been so much fun building this application, learning about AI agent management while enforcing security/privacy best practices. I've re-written this app 4 times from scratch before launching it a couple weeks ago. Please check it out and let me know what you think!