Hasty Briefsbeta

Bilingual

Prismata: Confining cross-site prompt injection in web agents

3 hours ago
  • #autonomous agents
  • #web security
  • #prompt injection
  • Prismata is a defense mechanism for web agents to prevent cross-site prompt injection attacks.
  • It enforces contextual least privilege by deriving dynamic trust labels for page content and restricting agent capabilities.
  • The system provides structural confinement guarantees to bound labeling errors, ensuring labels can only decrease in privilege.
  • Prismata requires no developer annotations, making it applicable to a wide range of websites.
  • It significantly reduces attack success rates while maintaining utility for benign tasks.