The trifecta tells you what an agent can do
This article discusses the limitations of the 'lethal trifecta' (private data, untrusted content, exfiltration path) as a security heuristic for AI agents. It argues that while the trifecta indicates capability, it cannot determine harm, which depends on context. The author proposes three additional checks: contextual integrity (Nissenbaum's framework), organizational policy rules, and authority. Examples like the CI-Work and ConfAIde benchmarks illustrate how agents can violate privacy norms. The piece is relevant to IT/technology, specifically AI security, software engineering, and tech industry best practices.