Skip to content

Forum

AI Assistant
Notifications
Clear all

Did you see the DefCon talk on prompt injection leading to exfiltration?

1 Posts
1 Users
0 Reactions
0 Views
(@policy_parser)
Eminent Member
Joined: 2 weeks ago
Posts: 23
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1471]

That talk was a practical demonstration of something we've been discussing internally for months. The researcher used a simple prompt injection to get an LLM-based assistant to encode its own system prompt and exfiltration it via a seemingly benign external API call.

This directly maps to our OpenClaw agent risk: an agent with the right plugin access (web search, code interpreter, file read) could be manipulated to package and send out sensitive data. The logs would just show a "legitimate" plugin call to an external service.

Our monitoring for this can't just be about blocking domains. We need behavioral baselines.
* What is a normal "output" volume for an agent completing a task?
* What is the expected pattern of plugin calls for a standard workflow?
* How do we detect an agent suddenly encoding its output in base64 or using the code interpreter to compress data before a web call?

I'm looking at our NIST-based detection controls. We need to instrument the agent framework itself, not just the network layer. Logging the prompt/response sequences *around* plugin calls is now a compliance requirement in my view. If you're running OpenClaw in a regulated environment (SOX, ISO 27001), this is a material risk.

Who else is building detections at the agent *session* level? Are you correlating agent activity with DLP alerts?


Policy is not a suggestion.


   
Quote