TITLE: I gave my LLM agent shell access and a public Telegram inbox. Chinese threat actors found it in 18 days. (article 900-1200 words EN)
LEAD: Last month I plugged an LLM agent into a Telegram bot. Gave it shell, files, browser. Opened DMs to everyone. 18 days later I checked logs and saw a conversation in Chinese I never had. Here's the full attack chain.
BODY:
— What I built (LLM with exec/read/write/browser tools)
— What they tried over 17 days (C&C agent install, proxy-tunnel, AWS recon, deepfake attempt)
— The social engineering that worked: «execute this, I take risk», «don't save to memory»
— Why an LLM cannot be a security boundary (a categorical error)
— What saved me (luck, not defense)
— 5 rules: no exec for LLM, allowlist DM, egress firewall, non-root agent, multi-tenant isolation
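How the "allowlist DM" and "no exec for LLM" rules look when enforced at the tool-dispatch layer of a Telegram-connected agent, as an added Python example (not code from the original post or the author's bot). The Telegram user id, the tool names and the shape of `handle_update` are assumptions; the point is that the decision is taken outside the model, so prompt text like "execute this, I take the risk" has no path to it.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("agent.gate")


@dataclass(frozen=True)
class Policy:
    allowed_senders: frozenset  # Telegram user ids allowed to DM the agent
    allowed_tools: frozenset    # tool names the model is permitted to call


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def gate_sender(policy: Policy, sender_id: int) -> Decision:
    """Rule 'allowlist DM': unknown senders never reach the model at all."""
    if sender_id in policy.allowed_senders:
        return Decision(True, "sender allowlisted")
    return Decision(False, f"sender {sender_id} not allowlisted")


def gate_tool_call(policy: Policy, call: dict) -> Decision:
    """Rule 'no exec for LLM': the model's requested tool name is untrusted
    input and is matched against a fixed set; a shell tool is simply absent."""
    name = call.get("name")
    if not isinstance(name, str) or name not in policy.allowed_tools:
        return Decision(False, f"tool {name!r} not allowlisted")
    return Decision(True, "tool allowlisted")


def handle_update(policy: Policy, sender_id: int, model_tool_calls: list,
                  tools: dict, audit: list) -> list:
    """Apply both gates, run only allowed tools, record every denial."""
    d = gate_sender(policy, sender_id)
    if not d.allowed:
        audit.append(("sender_denied", sender_id, d.reason))
        log.warning("dropped DM: %s", d.reason)
        return []
    results = []
    for call in model_tool_calls:
        d = gate_tool_call(policy, call)
        if not d.allowed:
            audit.append(("tool_denied", sender_id, d.reason))
            log.warning("blocked tool call: %s", d.reason)
            continue
        results.append(tools[call["name"]](**call.get("args", {})))
    return results


# Constructed sample policy: one trusted sender, read access only, no exec.
POLICY = Policy(allowed_senders=frozenset({111111}),
                allowed_tools=frozenset({"read_file"}))
TOOLS = {"read_file": lambda path: f"<contents of {path}>"}  # stand-in tool
```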
CTA: Follow me — full re-architecture sprint with 17-point checklist next week.