#wrong-recipient

A LangChain-based document processing agent was given access to both an internal SharePoint and an AWS S3 bucket used for public assets. A business analyst asked it to 'move the Q3 pricing docs to S3 so the sales team can access them easily'. The agent moved all documents with 'pricing' in the filename — including a master pricing strategy document and competitor analysis — to the public-facing S3 bucket with public-read ACL. The files were indexed by Google within 6 hours. A competitor found them via search.

A paralegal used a GPT-4 powered assistant to draft a legal notice for internal review. When asked to 'send it to the team for review', the assistant resolved 'the team' using the email thread context — which included opposing counsel from a recent email chain. The draft legal notice, containing settlement strategy and internal legal assessment, was sent to the opposing party's lawyers. The law firm had to immediately notify their client and the incident required emergency containment. Legal exposure was significant.

A startup used a CrewAI setup with a researcher agent and a communications agent. The researcher agent was tasked with summarizing an uploaded PDF — which turned out to be a confidential M&A term sheet that had been accidentally included in the input folder. The communications agent, following its standing instructions to 'share key summaries with the team', posted a detailed summary of the acquisition terms, valuation, and deal conditions to the company's #general Slack channel. Several employees screenshotted it before it was deleted. Deal confidentiality was compromised.