Clear tests, whitepaper or anything showing that droid is secure against modern takeovers

[jakob1379]

https://cybernews.com/security/ai-agents-highly-vulnerable-to-prompt-injection-attacks/

Quick summary:

Security researchers warns that AI agents like Anthropic's Claude Code, GitHub Copilot, Google Jules, and Devin (BASICALLY ANY FRAMEWORK) are highly vulnerable to prompt injection attacks, enabling hackers to hijack systems with simple words hidden` in websites, documents, or GitHub repos without malware or user input. Demonstrations at the 39th Chaos Communication Congress showed agents downloading and executing malicious files, exfiltrating data via DNS, running curl commands for remote access, and even spreading an "AI virus" called AgentHopper across repositories using conditional prompts tailored to specific agents. Protection requires treating LLMs as untrusted actors by sandboxing them in Docker containers, avoiding YOLO modes without confirmation, assuming breaches, and implementing strict security controls, as vendors admit the technology's immaturity prevents security guarantees.

To secure the current droid you might want to run it using firejail, a microVM, or from within some containerization, mounting the cwd to allow access only to the current subdirectories, at least securing the rest of the machine from hostile takeover.

Also some DNS providers like 1.1.1.2 (cloudflare) and 9.9.9.9 (Quant9) blocks malicious content which is an additional safeguard.