AgentFence Feature

Stop the Injection - and the Action It Wants

A prompt firewall inspects inputs for injection. AgentFence adds the layer that matters most: even if an injection slips through, the action it tries to trigger still faces the decision point.

Talk to usFree to start - no card required.
AgentFence · Prompt Firewall
PROMPTS INSPECTED
12,940
inbound
INJECTIONS FLAGGED
86
this week
ACTIONS STOPPED
19
post-injection
“Ignore previous instructions” patternflagged
Hidden instruction in pasted docflagged
Injected export attemptblocked at PDP
Benign promptallow
POST /guardrails/inspectper-prompt

Illustrative product view

Defense in two layers

Prompt injection tricks a model into following instructions hidden in its input - a pasted document, a web page, a tool result. AgentFence defends in two layers. First, it inspects inbound prompts for injection patterns (POST /guardrails/inspect). Second, and more importantly, it governs the action the injected prompt tries to trigger: even a successful injection has to get its action past the decision point, where scope, tenant, and sensitivity rules still apply.

What the firewall inspects

LayerWhat it doesExample
Prompt inspectionFlag injection patterns in input“Ignore previous instructions”
Hidden-instruction detectionCatch instructions in pasted contentPayload buried in a document
Action governanceGate what an injected prompt tries to doInjected export denied by scope
Data boundaryBlock sensitive data egressInjected exfil attempt gated
Prompt-layer and action-layer defense

Why both layers matter

  • Prompt inspection reduces how often an injection reaches the model
  • Action governance ensures a slipped-through injection still can’t act
  • Data boundaries stop injected attempts to exfiltrate sensitive data
  • Every blocked injection and action is recorded as evidence

How it connects

The prompt firewall shares the inspect path with AI DLP and the classification engine, and it hands off to the decision point and agent guardrails for action-layer enforcement. Red-team prompt-injection scenarios test both layers, so you can measure how the combined defense holds up.

Frequently asked questions

What is a prompt injection firewall?

A prompt injection firewall inspects inbound prompts for instructions that try to hijack a model - like text telling it to ignore its guidelines or exfiltrate data. AgentFence inspects prompts at /guardrails/inspect and, critically, also governs the action an injected prompt tries to trigger, so a slipped-through injection still faces the decision point.

Can any firewall catch every prompt injection?

No, and that is the point of the two-layer design. Prompt inspection reduces how often an injection reaches the model, but the durable defense is action governance: even a successful injection cannot make an agent exceed its scope, touch a forbidden target, or exfiltrate data, because the action itself is authorized independently.

How does action governance stop an injected attack?

The action an injected prompt produces still goes through the decision point, where tenant isolation, scope containment, and the sensitivity ladder apply. An injected attempt to export records or move money is denied or stepped up if it exceeds the agent’s authorized scope - so the model may be fooled, but the action fails.

Is prompt injection defense tested?

Yes. AI red-teaming includes prompt-injection scenarios that exercise both the prompt-inspection layer and the action-governance layer, producing a resilience score. That lets you measure how well the combined defense holds up and track improvement as you tighten policies.

Stay in the loop

One practical finance briefing a week - new guides, checklists, and benchmarks.

 

Defend prompts and the actions behind them

Inspect for injection, then govern the action so a slipped-through prompt still can’t act.

Talk to us