• Agentic Email 17 February 2026 Martin Fowler bad things generative AI I’ve heard a number of reports recently about people setting up LLM agents to work on their email and other communications. • The LLM has access to the user’s email account, reads all the emails, decides which emails to ignore, drafts some emails for the user to approve, and replies to some emails autonomously. • It can also hook into a calendar, confirming, arranging, or denying meetings. • This is a very appealing prospect. • Like most folks I know, the barrage of emails is a vexing toad squatting on my life, constantly diverting me from interesting work. • More communication tools - slack, discord, chat servers - only make this worse.

Article Summaries:

  • Summary

A growing trend of using large‑language‑model (LLM) agents to manage personal email-reading messages, drafting replies, and scheduling meetings-has raised security concerns. Experts warn that such agents combine untrusted content, sensitive data, and external communication, a “Lethal Trifecta” that could enable phishing, password‑reset hijacking, and other breaches. While no major incidents have yet been reported, the potential for future attacks remains. Mitigation strategies include limiting agents to read‑only access, disabling internet connectivity, and requiring human review of drafted messages. Users adopting agentic email must understand these risks and accept responsibility for any fallout.

  • Agentic Email: Balancing Convenience and Security

A growing trend sees users deploying large‑language‑model (LLM) agents to manage email, drafting replies, filtering messages, and even scheduling meetings. While such tools promise to reduce inbox overload, experts warn of significant security risks. The “Lethal Trifecta”-untrusted content, sensitive data, and external communication-can expose users to data leaks and account takeover, especially through email‑based password resets. Some propose mitigations, such as sandboxing agents with read‑only access and no internet connectivity, limiting their ability to act autonomously. Though no major breaches have yet been reported, the potential for future attacks remains, urging cautious adoption and thorough risk assessment.

Sources: