I think remote, air-gapped devices fix this, but it's not user friendly and somewhat tedious.
Here's a nostr remote signer: https://github.com/lnbits/remote-nostr-signer-configurator?tab=readme-ov-file
I also use a seed signer with Bull Bitcoin Wallet. Cold Cards work too if you don't use the edge software, but I like to play with all the geek math like miniscript.
That should mitigate much of this risk:
"According to O’Reilly, the issue extends beyond individual bugs and reflects a broader pattern. AI agents require extensive privileges to function, yet they are frequently deployed without adequate security hardening. Common misconfigurations, such as treating all connections from loopback addresses as trusted when used behind reverse proxies, can expose systems to the internet unintentionally. Even when authentication is enabled, concentrating credentials and conversation history in a single system creates an especially attractive target."
Signal is a little different, but I began researching White Noise and it's promising. I think they merged NIP-46 recently, but don't quote me on that just yet.
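
Added example, not part of the post or the quoted article: the loopback-trust misconfiguration named in the quote, shown as the weak check beside a hardened one. It assumes a same-host reverse proxy that appends the client address to `X-Forwarded-For`; the function names, the lowercase header key, and the sample requests are hypothetical and constructed for illustration.

```python
import ipaddress

# Assumption: the only trusted hop is a reverse proxy on this host.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]

def _is_trusted_proxy(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def naive_is_local(peer_ip, headers):
    """Weak check: trusts the TCP peer address alone. Behind a same-host
    proxy every request arrives from 127.0.0.1, so everyone looks local."""
    return ipaddress.ip_address(peer_ip).is_loopback

def effective_client_ip(peer_ip, headers):
    """Walk X-Forwarded-For right to left, skipping trusted proxies.
    Returns the first untrusted hop, the last hop if all are trusted,
    or None when any inspected entry is malformed (fail closed)."""
    xff = headers.get("x-forwarded-for", "")
    chain = [h.strip() for h in xff.split(",") if h.strip()]
    chain.append(peer_ip)  # the socket peer is the right-most hop
    client = None
    for hop in reversed(chain):
        try:
            client = ipaddress.ip_address(hop)
        except ValueError:
            return None
        if not _is_trusted_proxy(client):
            return client
    return client

def hardened_is_local(peer_ip, headers):
    """Local only if the resolved client, not just the peer, is loopback.
    Still relies on the proxy appending the header, so authentication
    should stay enabled regardless of this result."""
    client = effective_client_ip(peer_ip, headers)
    return client is not None and client.is_loopback

# Constructed sample requests: (peer address, headers)
DIRECT_LOCAL = ("127.0.0.1", {})
VIA_PROXY = ("127.0.0.1", {"x-forwarded-for": "203.0.113.7"})
SPOOFED = ("127.0.0.1", {"x-forwarded-for": "127.0.0.1, 203.0.113.7"})
MALFORMED = ("127.0.0.1", {"x-forwarded-for": "not-an-ip"})

if __name__ == "__main__":
    for name, req in [("direct", DIRECT_LOCAL), ("proxied", VIA_PROXY),
                      ("spoofed", SPOOFED), ("malformed", MALFORMED)]:
        print(name, naive_is_local(*req), hardened_is_local(*req))
```
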