alt Hacker NewsThat's a great idea, it makes a lot of sense for dynamic use cases.
I suppose I'm thinking of it as a more elegant way of doing something equivalent to top-down agent routing, where the top agent routes to 2-legged agents.
I'd be interested to hear more about how you handle the provenance tracking in practice, especially when the agent chains multiple data sources together. I think my question would be: what's the practical difference between dynamic attenuation and just statically removing the third leg upfront? Is it "just" a more elegant solution, or are there other advantages that I'm missing?
Thanks!
> I'd be interested to hear more about how you handle the provenance tracking in practice, especially when the agent chains multiple data sources together.
When you make a tool call that read data, their values carry taints (provenance). Combine data from A and B, result carries both. Policy checks happen at sinks (tool calls that send data).
> what's the practical difference between dynamic attenuation and just statically removing the third leg upfront? Is it "just" a more elegant solution, or are there other advantages that I'm missing?
Really good question. It's about utility: we don't want to limit the agent more than necessary, otherwise we'll block it from legitimate actions.
Static 2-leg: "This agent can never send externally." Secure, but now it can't reply to emails.
Dynamic attenuation: "This agent can send, but only to certain recipients."