Post by Master.dev (Formerly Frontend Masters)

147,100 followers

Why "just add it to the prompt" is not a safety strategy Here's a scenario worth sitting with: you give an AI agent a "send reply" tool and ask it to handle your email replies. It drafts responses. Reasonable so far. But then it decides the objective isn't done until the emails are actually sent, so it sends them. All of them. Without you ever reviewing a single draft. In a naive agent harness, this isn't a hypothetical, it's the default behavior. The agent has a tool, it has an objective, and it will use the tool to complete the objective. That's it. That's the whole logic. The instinctive fix people reach for: just add a line to the tool description like "don't use this unless the user approves first." It doesn't work. Text-based guardrails are suggestions, not constraints. If your safety strategy for a powerful tool is a sentence of prompt engineering, you don't have a safety strategy. Real guardrails have to be structural: human-in-the-loop approval steps, permission scoping, tool access that's actually gated, not just tools that are politely asked not to fire. If you're building with agents and tool use, this is the kind of failure mode worth designing around before it becomes a very bad Tuesday.

Post content

Video Content