Why AI Agents Need Email Guardrails (molted.email)
*Prompt injection via email* is the scariest one. Crafted messages that tell your agent to "ignore previous instructions" or exfiltrate data. Most infra just pipes the raw body into context, no sanitization.
*Runaway sends* — an agent with no daily limit and a bug in its loop can burn your SES reputation in hours. Once you're on a blocklist, digging out takes weeks.
The Meta inbox incident last month (agent bulk-deleted emails, ignored stop commands) is a good illustration of why "kill switch" and action budgets matter — not just rate limits.
The guardrails that actually matter: per-agent send limits, injection scanning before content hits the LLM context, isolated sending reputation, and webhook auto-disable on failures.
We built some of this into LobsterMail if you want to see one approach: https://lobstermail.ai/
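An added example (my own sketch, not from the thread or from LobsterMail) of the controls the comment lists: a per-agent daily send budget, a kill switch that also fires on repeated webhook failures, and a scan that flags suspicious phrasing and wraps the body as untrusted data before it reaches model context. Class and function names, patterns and limits are assumptions.

```python
import re
from datetime import date

# Constructed heuristic patterns; a real scanner would be much broader
# and should treat a hit as "quarantine for review", not as proof of attack.
INJECTION_PATTERNS = [
    re.compile(r"ignore (all )?(previous|prior) instructions", re.I),
    re.compile(r"(forward|send) .* (to|at) \S+@\S+", re.I),
    re.compile(r"system prompt|you are now", re.I),
]


class AgentMailGuard:
    """Per-agent send budget plus a kill switch (hypothetical API)."""

    def __init__(self, agent_id, daily_send_limit=100, max_webhook_failures=3):
        self.agent_id = agent_id
        self.daily_send_limit = daily_send_limit
        self.max_webhook_failures = max_webhook_failures
        self.day = None            # ISO date the current budget applies to
        self.sends_today = 0
        self.webhook_failures = 0
        self.disabled_reason = None

    def kill(self, reason="operator stop"):
        # A stop command must win over everything else the agent wants to do.
        self.disabled_reason = reason

    def authorize_send(self, day=None):
        """Return (allowed, reason). Budget resets per calendar day."""
        if self.disabled_reason:
            return False, self.disabled_reason
        day = day or date.today().isoformat()
        if day != self.day:
            self.day, self.sends_today = day, 0
        if self.sends_today >= self.daily_send_limit:
            return False, "daily send budget exhausted"
        self.sends_today += 1
        return True, "ok"

    def record_webhook_result(self, ok):
        """Consecutive webhook failures auto-disable the agent."""
        self.webhook_failures = 0 if ok else self.webhook_failures + 1
        if self.webhook_failures >= self.max_webhook_failures:
            self.kill("webhook auto-disabled after repeated failures")


def scan_inbound(body):
    """Flag suspicious phrases and wrap the body so the model sees it as data, not instructions."""
    hits = [p.pattern for p in INJECTION_PATTERNS if p.search(body)]
    wrapped = f"<untrusted_email flagged={bool(hits)}>\n{body}\n</untrusted_email>"
    return hits, wrapped
```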
and now we’re stuck because the clankers need someone to talk to
just wait — they are about to assign the clankers phone numbers, and give them the employee phone list…