Action Release Gates

What’s missing?

Once the approver for the Kandji action hits “Approve” and the recovery key is fetched in an API call, our IT/Security agent will have to craft a response back to the Employee Assistant with the key. While this seems foolproof with a bit of prompting, it is actually not airtight.

There are a couple of potential risks here:

  • Adversarial prompt injection
  • Hallucinations the agent makes
  • Indirect leakage through summaries

While not all of these loopholes will be relevant to every use case, they are real concerns that should be thought through any time you have permissions escalation in a multi-agent system.

Action Release Gates are the DLP step for agent-to-agent communication. They make sure that prompt injection, hallucinations, or indirect leakage are not a problem, and as a result they assign proper accountability when things go wrong.

How it works

When your approver approves the action to fetch data from Kandji, the IT/Security agent is in a state of permissions escalation. When data leaves this agent to go back to the Employee Assistant, it is going to a place with fewer permissions than where it came from. We have injected a mandatory approval step across these sensitive bridges to make sure that there is absolutely no situation where data is accidentally leaked when automating cross-functional workflows.

To turn on the ARG, head over to the Deploy tab in the IT/Security agent and toggle it on. The approver of the ARG will see the original user intent as well as the ability to zoom into the steps taken to derive the answer, allowing them to confidently hit “Approve.”
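The gate described above, sketched as an added example (not the product's own code): the escalated agent's response is held, the approver decides with the original intent and steps in view, and only an approved payload crosses to the lower-privilege agent. All class, function and field names, and the sample values, are assumptions made for illustration.

```python
# Added illustration of a release gate between two agents.
# Every name here is hypothetical; this is not the product's implementation.
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    DENIED = "denied"


@dataclass
class HeldResponse:
    requester: str      # who asked, kept for accountability
    user_intent: str    # original request, shown to the approver
    steps: list         # steps the escalated agent took to derive the answer
    payload: str        # response waiting to cross the privilege boundary
    decision: Decision = Decision.PENDING
    approver: str = ""


@dataclass
class ReleaseGate:
    audit_log: list = field(default_factory=list)

    def hold(self, requester, user_intent, steps, payload):
        """Escalated agent submits its response; nothing is delivered yet."""
        held = HeldResponse(requester, user_intent, list(steps), payload)
        self.audit_log.append(("held", requester, user_intent))
        return held

    def review(self, held, approver, approve):
        """Record the human decision once; a second review is rejected."""
        if held.decision is not Decision.PENDING:
            raise ValueError("response already reviewed")
        held.decision = Decision.APPROVED if approve else Decision.DENIED
        held.approver = approver
        self.audit_log.append((held.decision.value, approver, held.requester))

    def release(self, held):
        """Return the payload only if approved; pending and denied fail closed."""
        if held.decision is Decision.APPROVED:
            return held.payload
        return None
```

The audit log ties each held response to its requester before anything is released, which is what lets a denied request still be attributed.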

Further Streamlining

We now have two approval steps in the end-to-end process. With the addition of the ARG, we can optionally auto-approve the step before reaching out to Kandji to further streamline the workflow and save your team time. With the inclusion of the ARG, it will be apparent who has asked to carry out malicious behavior before the output of that function can be returned to them.