Should You Let ChatGPT Control Your Browser?
Donato Capitella
CRESTCon 2024
This presentation explores the practical risks of granting Large Language Models (LLMs) agency, enabling them to perform actions on behalf of users. Donato shows how attackers can exploit these capabilities in real-world scenarios, focusing on an emerging use case: autonomous browsers. The session covers how LLM agents operate, the risks of indirect prompt injection, and strategies for mitigating these vulnerabilities.