Databricks Omnigent Uses Contextual Policies to Block Slow-Burn Attacks
Databricks Omnigent has introduced stateful contextual policies designed to combat indirect prompt injection and slow-burn attacks. These policies track session risk across multiple actions, blocking outbound data exfiltration attempts that individual action checks would miss. This enhancement aims to protect against sophisticated attacks where malicious actions are disguised as routine operations, affecting users who employ AI agents for data processing and communication.
- →Omnigent's Stateful Contextual Policies for Session Risk Tracking
- →Tamper-Resistant Policy Management for Agents
- →Understanding Indirect Prompt Injection and Slow-Burn Attacks
- →Configurable Policy Actions: Block or Request Approval
Security (1) ›
- Tamper-Resistant Policy Management for Agents
The agent's control over policies is intentionally limited, with no tools to remove or disable existing guards. Adding new policies requires explicit user approval, and combined policies adhere to a 'single denial wins' rule, ensuring robust protection against agent-level manipulation.
Features (1) ›
- Omnigent's Stateful Contextual Policies for Session Risk Tracking
Databricks Omnigent now supports stateful contextual policies that monitor session events and maintain a risk score. These policies can dynamically allow, deny, or seek approval for actions based on the cumulative activity within a session, effectively identifying and blocking slow-burn attacks.
Enhancements (1) ›
- Configurable Policy Actions: Block or Request Approval
Contextual policies in Omnigent can be configured to either outright deny risky actions or to pause the process and request human approval. This flexibility allows for a tailored security approach that balances protection with operational continuity.
Notes (1) ›
- Understanding Indirect Prompt Injection and Slow-Burn Attacks
The post explains how indirect prompt injection hides instructions within fetched content, and how slow-burn attacks split malicious goals into seemingly harmless, isolated steps. Traditional security measures that evaluate actions individually fail to detect these combined threats, leading to potential data leaks.
https://www.databricks.com/blog/blocking-slow-burn-attacks-contextual-policies-omnigent
Related releases
- Databricks Genie: AI Coworker for Retail Finance Margin Protection Databricks Blog ·
- Databricks Lakebase Accelerators for Cross-Industry and Functional Solutions Databricks Blog ·
- Databricks SDK for Go v0.158.0 adds cleanrooms and pipelines fields Databricks Go SDK Releases ·
- Databricks SDK for Java v0.129.0 Adds Clean Rooms & Ads Fields Databricks Java SDK Releases ·
- Unity Catalog Managed Tables: Interoperability and Governance for Lakehouse Databricks Blog ·
- Databricks SDK Java v0.128.0: CDF Configs and Breaking IAM Changes Databricks Java SDK Releases ·