LLM-as-Untrusted-Component

• Entity ID: ent-20260419-cd4fea41ad33
• Type: concept
• Scope: shared
• Status: active
• Aliases: untrusted-agent threat model

Description

Architectural stance emerging from the speaker attribution bug: even when an LLM is acting as an agent on behalf of a user, its turn metadata and self-generated messages must be treated as untrusted input. Prompt engineering and permission boundaries do not fix a system that cannot reliably track who said what; the fix is architectural (cryptographic turn signing), not behavioral.

Key claims

• Speaker attribution is an identity error, not a hallucination

Relations

• LLM-as-Untrusted-Component --[informed_by]--> Speaker Attribution Bug

Sources

src-20260419-3e34d5830692