All apis have to authorize and authenticate if they do sensitive stuff. Otherwise youre asking for it.
Yes, but whatever the LLM has authenticated access to, an attacker can convince it to mess with on their behalf.
Yes, but whatever the LLM has authenticated access to, an attacker can convince it to mess with on their behalf.