AIToday

Microsoft releases FIDES, a security system for AI agents that uses information-flow control to block prompt injection attacks

Semantic Kernel BlogMay 20, 20261 min read

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. Microsoft shipped FIDES (Flow Integrity Deterministic Enforcement System) as an experimental feature in Agent Framework. Every piece of content is labeled with integrity (trusted/untrusted) and confidentiality (public/private) tags; labels propagate automatically through tool calls; policies are enforced before sensitive tools run.

  2. FIDES stops prompt injection by making security deterministic rather than probabilistic. Instead of relying on defensive prompts or allowlists—both of which fail silently—the framework checks labels before each tool call, preventing the model from reaching privileged operations even if it is tricked by injected instructions in untrusted data.

  3. In a concrete example, a GitHub issue triage agent can read untrusted issue bodies (labeled as such) but is prevented from calling post_comment if private content is in scope, and completely blocked from calling write_file with untrusted context. Human approval prompts surface policy violations when approval_on_violation is enabled.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →