In an exclusive interview with The Register, Block CISO James Nettesheim outlines how Block secures Goose, the company's open-source AI agent used by nearly all of its 12,000 employees. He describes red-team testing that executed a prompt-injection infostealer, then details mitigations including least-privilege access, recipe-install warnings, invisible-Unicode detection, and adversarial-ML checks to validate inputs and outputs for safer enterprise deployment.
Key Points
- 1Red-teamed Goose and exploited prompt-injection to demonstrate agents can execute hidden malicious payloads.
- 2Implements least-privilege, recipe warnings, and Unicode detection to reduce unauthorized data access and code execution.
- 3Encourages adversarial-AI and secondary-LLM checks for runtime validation to improve enterprise agent security posture.
Scoring Rationale
Actionable enterprise controls and official red-team evidence drive score, limited novelty given existing prompt-injection awareness across the industry.
Sources
Public references used for this report.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Ad Tech problems

