Summaries like this, in your inbox every morning.
Sign up free →Microsoft shipped FIDES (Flow Integrity Deterministic Enforcement System) as an experimental feature in Agent Framework. Every piece of content is labeled with integrity (trusted/untrusted) and confidentiality (public/private) tags; labels propagate automatically through tool calls; policies are enforced before sensitive tools run.
FIDES stops prompt injection by making security deterministic rather than probabilistic. Instead of relying on defensive prompts or allowlists—both of which fail silently—the framework checks labels before each tool call, preventing the model from reaching privileged operations even if it is tricked by injected instructions in untrusted data.
In a concrete example, a GitHub issue triage agent can read untrusted issue bodies (labeled as such) but is prevented from calling post_comment if private content is in scope, and completely blocked from calling write_file with untrusted context. Human approval prompts surface policy violations when approval_on_violation is enabled.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion




Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack