A security idea for keeping AI agents inside the right task scope

means keeping an AI agent under the instructions and limits it was actually allowed to follow, even when outside input tries to pull it away. A constraint is anything that changes the chance of which token the model picks next.

is one case where untrusted content tries to act like a higher-priority instruction. also covers harmless but distracting information, excessive requests, metadata pressure, fake state claims, tool-use drift, and later context that pollutes the task.

Related ideas include , access-control scope, tool-call validation, defense, separating data from instructions, and capability scoping. The main goal is to stop outside input from redefining the task, the reason for a step, allowed tools, , assumed state, or required output.

Key points

  • is about preserving the priority of approved instructions and limits.
  • is treated as only one way can fail.
  • Benign distractions, metadata, fake state, and tool-use drift can also pull an agent off course.
  • AI agents should not let outside input redefine the task, tools, , state, or output.
Read original