Prismata: Confining cross-site prompt injection in web agents
5 hours ago
- #autonomous agents
- #web security
- #prompt injection
- Prismata is a defense mechanism for web agents to prevent cross-site prompt injection attacks.
- It enforces contextual least privilege by deriving dynamic trust labels for page content and restricting agent capabilities.
- The system provides structural confinement guarantees to bound labeling errors, ensuring labels can only decrease in privilege.
- Prismata requires no developer annotations, making it applicable to a wide range of websites.
- It significantly reduces attack success rates while maintaining utility for benign tasks.