Record summary
A quick snapshot of what this page covers.
Control summary
What this defense is meant to help prevent.
Untrusted data can contain prompt injections that invoke an AI agent's tools, potentially causing confidentiality, integrity or availability violations. It is recommended that tool invocation be restricted or limited when untrusted data enters the LLM's context.
The degree to which tool invocation is restricted may depend on the potential consequences of the action. Consider blocking the automatic invocation of tools or requiring user confirmation once untrusted data enters the LLM's context. For high consequence actions, consider always requiring user confirmation.
- ATLAS ID
- AML.M0030
- Priority score
- 15
Covered techniques
Attacks this defense is designed to help with.
AML.T0053 - AI Agent Tool Invocation
Restricting the automatic tool use when untrusted data is present can prevent adversaries from invoking tools via prompt injections.
AML.T0101 - Data Destruction via AI Agent Tool Invocation
Restricting the automatic tool use when untrusted data is present can prevent adversaries from invoking tools via prompt injections.
AML.T0086 - Exfiltration via AI Agent Tool Invocation
Restricting the automatic tool use when untrusted data is present can prevent adversaries from invoking tools via prompt injections.
Source
Where this page information comes from.
Original source
Original source links
Open the public records and source datasets used for this page.