This is the single most important security concept in this course. The Lethal Trifecta is the 3-way combination that creates maximum risk: private data access, untrusted content ingestion, and external communication capability. If your agent has all 3, a single prompt injection in an untrusted document could exfiltrate your private data to an external endpoint.
Your goal is to never give all 3 to one agent. Your Pair Programmer reads private code but doesn't communicate externally. Your Personal Assistant communicates externally but doesn't access private repos. Break the trifecta by splitting capabilities across agents with strict isolation. Can you see how the multi-agent architecture from earlier makes this possible?