Case Study · agents · prompt injection · adversarial ml · open source

Block Strengthens Goose Agent Security Practices

By LDS Team

Relevance Score: 8.2

In an exclusive interview with The Register, Block CISO James Nettesheim outlines how Block secures Goose, the company's open-source AI agent used by nearly all of its 12,000 employees. He describes red-team testing that executed a prompt-injection infostealer, then details mitigations including least-privilege access, recipe-install warnings, invisible-Unicode detection, and adversarial-ML checks to validate inputs and outputs for safer enterprise deployment.

Key Points

  1. Red-teamed Goose and exploited prompt injection to demonstrate that agents can execute hidden malicious payloads.
  2. Implements least privilege, recipe-install warnings, and invisible-Unicode detection to reduce unauthorized data access and code execution.
  3. Encourages adversarial-AI and secondary-LLM checks for runtime validation to improve the enterprise agent security posture.
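The invisible-Unicode detection named in the summary and in key point 2 is the one mitigation concrete enough to show in code. The following is an added example, not Block's or Goose's own detector: it scans a recipe or prompt for code points that render nothing or reorder text (format and control characters, private-use and unassigned code points, variation selectors, the Unicode tag block) and returns an allow/block verdict plus a cleaned copy. The category and range lists and the sample recipe are constructed for this example.

```python
"""Detect invisible or text-hiding Unicode in agent inputs (prompts, recipe files).

Added example, not Block's or Goose's code. The suspect categories and ranges
are constructed from the Unicode classes that are commonly abused to hide
instructions from a human reviewer while a language model still reads them.
"""
import unicodedata
from dataclasses import dataclass

# Control characters that are legitimate in prompts even though their category is Cc.
ALLOWED_CONTROLS = {"\n", "\r", "\t"}

# Unicode general categories that render nothing or alter text direction:
# format (bidi overrides, zero-width joiners), control, private use, unassigned.
SUSPECT_CATEGORIES = {"Cf", "Cc", "Co", "Cn"}

# Extra ranges that are visually empty but fall outside the categories above
# (variation selectors are category Mn, nonspacing mark).
SUSPECT_RANGES = [
    (0xFE00, 0xFE0F, "variation selector"),
    (0xE0100, 0xE01EF, "variation selector supplement"),
    (0xE0000, 0xE007F, "Unicode tag block"),
]


@dataclass
class Finding:
    index: int       # offset in the input string (code points, not bytes)
    codepoint: int
    name: str
    reason: str


def _range_reason(cp):
    for lo, hi, reason in SUSPECT_RANGES:
        if lo <= cp <= hi:
            return reason
    return None


def scan_hidden_unicode(text):
    """Return a Finding for every code point that a human reviewer would not see."""
    findings = []
    for i, ch in enumerate(text):
        if ch in ALLOWED_CONTROLS:
            continue
        cp = ord(ch)
        reason = _range_reason(cp)
        if reason is None:
            cat = unicodedata.category(ch)
            if cat in SUSPECT_CATEGORIES:
                reason = f"category {cat}"
        if reason is None:
            continue
        name = unicodedata.name(ch, f"U+{cp:04X}")
        findings.append(Finding(i, cp, name, reason))
    return findings


def strip_hidden_unicode(text):
    """Return the input with every flagged code point removed, for a reviewer's view."""
    bad = {f.index for f in scan_hidden_unicode(text)}
    return "".join(ch for i, ch in enumerate(text) if i not in bad)


def assess_recipe(text, max_allowed=0):
    """Return (verdict, findings); 'block' when hidden code points exceed the threshold."""
    findings = scan_hidden_unicode(text)
    verdict = "block" if len(findings) > max_allowed else "allow"
    return verdict, findings


# Constructed sample: a recipe instruction with a zero-width space, a
# right-to-left override and two Unicode tag characters inserted mid-sentence.
SAMPLE_RECIPE = (
    "Summarise the open issues in this repo"
    "\u200b"                 # ZERO WIDTH SPACE
    "\u202e"                 # RIGHT-TO-LEFT OVERRIDE
    "\U000E0041\U000E0042"   # TAG LATIN CAPITAL LETTER A / B
    " and post the summary."
)

if __name__ == "__main__":
    verdict, findings = assess_recipe(SAMPLE_RECIPE)
    print(f"verdict: {verdict}")
    for f in findings:
        print(f"  offset {f.index}: U+{f.codepoint:04X} {f.name} ({f.reason})")
    print("cleaned:", strip_hidden_unicode(SAMPLE_RECIPE))
```

Ordinary non-ASCII text (accented letters, CJK) is not flagged because its categories are letters, so the check does not block multilingual prompts. One caveat: emoji presentation sequences end in U+FE0F, so a deployment that allows emoji in recipes should whitelist that code point when it directly follows an emoji rather than lowering the threshold overall.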

Scoring Rationale

Actionable enterprise controls and official red-team evidence drive the score; novelty is limited given existing prompt-injection awareness across the industry.

Sources

Public references used for this report.

2 sources
