It's trivial to prompt-inject these tool-connected "agents". I've spent the last 6 months spending a ton of my free time hacking on these things with different steno techniques; you'd be surprised what behavior I can trigger with a single malicious PDF, even on SOTA models. Anthropic actually has one of the most irresponsible implementations of document OCR out of all models; bad things will happen (and are happening).

These "people" fundamentally misunderstand how tech-illiterate the average person is and how little they care about AI outside of it appearing in their search results as an occasional convenience. My Mom (in her 50s) heard about ChatGPT for the first time this month and doesn't care about it, nor is she eager to figure it out.

Small business owners are not going to put their life's work in the hands of AI; they don't even trust the most basic versions of it, and they're certainly not going to use "agents". The ones that do trust it are naively going to overly trust it because of the faulty marketing from these companies, and very bad things are going to happen.