cheatsheets/AI_Agent_Security_Cheat_Sheet.md
Lines changed: 6 additions & 6 deletions
@@ -662,15 +662,15 @@ class SecureContextBuilder:
662
662
```
663
663
### 9. Identity Propagation & Context
664
664
665
-
-Enforce User Context Propagation:
665
+
-Enforce User Context Propagation:
666
666
Require agents to pass the user's original authentication token (e.g., JWT) to any backend tool or API.
667
-
-Validate at the Source:
667
+
-Validate at the Source:
668
668
Ensure backend services validate the user's identity and permissions, preventing the agent from acting as a privileged "super-user".
669
-
-Maintain Audit Trails:
669
+
-Maintain Audit Trails:
670
670
Log all agent actions with the associated user identity to ensure non-repudiation and clear accountability.
671
-
-To ensure the agent only has the same permissions as the user (no "Super-User" powers).
672
-
-Telling the database: This request is coming from User, only show him his own data.
673
-
-Prevent Privilege Escalation: Ensure the agent only possesses the same permissions as the active user by acting as a passthrough for the user's authenticated identity.
671
+
-To ensure the agent only has the same permissions as the user (no "Super-User" powers).
672
+
-Telling the database: This request is coming from User, only show him his own data.
673
+
-Prevent Privilege Escalation: Ensure the agent only possesses the same permissions as the active user by acting as a passthrough for the user's authenticated identity.
674
674
675
675
Implementation: Passing User Identity to AI Tools (Python/FastAPI)
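Review bot: the six replaced bullet lines in this hunk (old 665-673, new 665-673) read identically on both sides of the diff, and all of them still start with a dash glued to the text ("-Enforce User Context Propagation:", "-Validate at the Source:", "-Maintain Audit Trails:", "-Prevent Privilege Escalation: ..."), which Markdown does not render as a list item; if the intent of this change is to fix the rendering of the "9. Identity Propagation & Context" section, each line needs a space after the dash, e.g. "- Enforce User Context Propagation:", and a one-line commit message saying whether the change is whitespace-only would help the next reviewer. Two of the re-added lines, "-To ensure the agent only has the same permissions as the user (no "Super-User" powers)." and "-Telling the database: This request is coming from User, only show him his own data.", are sentence fragments that restate the "Prevent Privilege Escalation" bullet that follows them; consider folding them into that bullet as a short rationale rather than keeping them as stand-alone items. Since the section tells agents to forward the user's original token (e.g., JWT) to backend tools, the text would also benefit from one sentence on the caveat that the forwarded token must still be validated by the backend for audience, expiry and scope, which the "Validate at the Source" bullet implies but does not state.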