databricks Databricks Blog ·

Databricks Omnigent Uses Contextual Policies to Block Slow-Burn Attacks

blogsecuritydatabricksengineer
feature

Databricks Omnigent has introduced stateful contextual policies designed to combat indirect prompt injection and slow-burn attacks. These policies track session risk across multiple actions, blocking outbound data exfiltration attempts that individual action checks would miss. This enhancement aims to protect against sophisticated attacks where malicious actions are disguised as routine operations, affecting users who employ AI agents for data processing and communication.

  • Omnigent's Stateful Contextual Policies for Session Risk Tracking
  • Tamper-Resistant Policy Management for Agents
  • Understanding Indirect Prompt Injection and Slow-Burn Attacks
  • Configurable Policy Actions: Block or Request Approval
Security (1)
  • Tamper-Resistant Policy Management for Agents

    The agent's control over policies is intentionally limited, with no tools to remove or disable existing guards. Adding new policies requires explicit user approval, and combined policies adhere to a 'single denial wins' rule, ensuring robust protection against agent-level manipulation.

Features (1)
  • Omnigent's Stateful Contextual Policies for Session Risk Tracking

    Databricks Omnigent now supports stateful contextual policies that monitor session events and maintain a risk score. These policies can dynamically allow, deny, or seek approval for actions based on the cumulative activity within a session, effectively identifying and blocking slow-burn attacks.

Enhancements (1)
  • Configurable Policy Actions: Block or Request Approval

    Contextual policies in Omnigent can be configured to either outright deny risky actions or to pause the process and request human approval. This flexibility allows for a tailored security approach that balances protection with operational continuity.

Notes (1)
  • Understanding Indirect Prompt Injection and Slow-Burn Attacks

    The post explains how indirect prompt injection hides instructions within fetched content, and how slow-burn attacks split malicious goals into seemingly harmless, isolated steps. Traditional security measures that evaluate actions individually fail to detect these combined threats, leading to potential data leaks.

Read the original announcement →

https://www.databricks.com/blog/blocking-slow-burn-attacks-contextual-policies-omnigent

Related releases