Hacker News: tvissershttps://news.ycombinator.com/user?id=tvissersHacker News RSShttps://hnrss.org/hnrss v2.1.1Thu, 11 Jun 2026 01:30:30 +0000<![CDATA[New comment by tvissers in "A €0.01 bank transfer could compromise a banking AI agent"]]>I can recommend having a look at secure design patterns for LLM agents. Simon Willison has a great post on this: https://simonwillison.net/2025/Jun/13/prompt-injection-desig...

]]>Wed, 10 Jun 2026 15:55:51 +0000https://news.ycombinator.com/item?id=48478266tvissershttps://news.ycombinator.com/item?id=48478266https://news.ycombinator.com/item?id=48478266<![CDATA[New comment by tvissers in "A €0.01 bank transfer could compromise a banking AI agent"]]>Thanks for chiming in.

I agree this is not a one-click account takeover.

But I think point 2 is broader than that. The user does not need to ask about the malicious transaction specifically. Any normal question that makes the agent fetch recent transactions could bring the attacker-controlled text into the LLM context.

]]>Wed, 10 Jun 2026 15:35:10 +0000https://news.ycombinator.com/item?id=48477950tvissershttps://news.ycombinator.com/item?id=48477950https://news.ycombinator.com/item?id=48477950<![CDATA[A €0.01 bank transfer could compromise a banking AI agent]]>Article URL: https://blue41.com/blog/how-we-helped-bunq-secure-their-financial-ai-assistant/

Comments URL: https://news.ycombinator.com/item?id=48476136

Points: 165

# Comments: 150

]]>Wed, 10 Jun 2026 13:39:11 +0000https://blue41.com/blog/how-we-helped-bunq-secure-their-financial-ai-assistant/tvissershttps://news.ycombinator.com/item?id=48476136https://news.ycombinator.com/item?id=48476136