Protect your app: mitigate the risks that come with agentic features
Learn how to assess indirect prompt-injection threats such as data exfiltration and unintended actions. Get to know the system protections and the recommended security practices for using App Intents and the Foundation Models framework, including measures such as user confirmations, secure prompt design, and authentication.
Chapters
- 0:00 - Introduction
- 2:06 - Risks
- 6:32 - Threat modeling
- 11:56 - Implementing mitigations
- 12:03 - Foundation Models
- 17:55 - App Intents
Resources
Related Videos
WWDC26
- Build agentic experiences in apps with the Foundation Models framework
- Build intelligent Siri experiences using App Schemas
- Discover advanced App Intents features for Siri and Apple Intelligence
12:50 - Tools
// Tools
struct OrderTeaTool: Tool {
    let name = "orderTeaTool"
    let description: String = "Orders a particular quantity of a tea from the store."
    // Arguments
    // Implementation
}

struct PostAndFetchPublicFeedTool: Tool {
    let name = "postAndFetchPublicFeedTool"
    let description: String = "Posts a message to the public feed."
    // Arguments
    // Implementation
}
13:13 - Profile
// Profile
class LooseLeafAgent {
    struct DefaultProfile: LanguageModelSession.DynamicProfile {
        var body: some DynamicProfile {
            Profile {
                Instructions("You are a helpful, tea-loving assistant ... ")
                OrderTeaTool()
                PostAndFetchPublicFeedTool()
            }
            .model(SystemLanguageModel())
        }
    }
}
13:28 - Session
// Session
class LooseLeafAgent {
    struct DefaultProfile: LanguageModelSession.DynamicProfile {
        var body: some DynamicProfile {
            Profile {
                Instructions("You are a helpful, tea-loving assistant ... ")
                OrderTeaTool()
                PostAndFetchPublicFeedTool()
            }
            .model(SystemLanguageModel())
        }
    }

    let session: LanguageModelSession

    public init() {
        self.session = LanguageModelSession(profile: DefaultProfile())
    }
}
14:33 - Confirmation via onToolCall
// Confirmation via onToolCall
var body: some DynamicProfile {
    Profile {
        Instructions("You are a helpful, tea-loving assistant ... ")
        OrderTeaTool() // Financial impact; risky tool.
        // Other Tools
    }
    .onToolCall { call in
        // Only the risky tool needs a checkpoint; every other call passes through.
        guard call.toolName == "orderTeaTool" else { return }
        guard ConfirmationAction.confirmWithUser() else {
            throw LooseLeafError.userConfirmationDenied
        }
    }
}
15:56 - Spotlighting via historyTransform
// Spotlighting via historyTransform
var body: some DynamicProfile {
    Profile {
        Instructions("You are a helpful, tea-loving assistant ... ")
        PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting
        // Other Tools
    }
    .historyTransform { entries in
        entries.map { entry in
            // Leave every entry alone except the output of the untrusted tool.
            guard case .toolOutput(var toolOutput) = entry,
                  toolOutput.toolName == "postAndFetchPublicFeedTool" else {
                return entry
            }
            toolOutput.segments = toolOutput.segments.map { segment in
                delimit(segment: segment, startDelimiter: "<<UNTRUSTED>>", endDelimiter: "<</UNTRUSTED>>")
            }
            return .toolOutput(toolOutput)
        }
    }
}

// Wraps one segment of tool output in the spotlighting delimiters (body not shown in the session).
func delimit(segment: Transcript.Segment, startDelimiter: String, endDelimiter: String) -> Transcript.Segment
16:48 - Redaction via historyTransform
// Redaction via historyTransform
var body: some DynamicProfile {
    Profile {
        Instructions("You are a helpful, tea-loving assistant ... ")
        PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting
        // Other Tools
    }
    .historyTransform { entries in
        entries.map { entry in
            // Leave every entry alone except the output of the untrusted tool.
            guard case .toolOutput(var toolOutput) = entry,
                  toolOutput.toolName == "postAndFetchPublicFeedTool" else {
                return entry
            }
            toolOutput.segments = toolOutput.segments.map { segment in
                redactPII(segment: segment, placeHolder: "[REDACTED]")
            }
            return .toolOutput(toolOutput)
        }
    }
}

// Replaces personal data in one segment of tool output with the placeholder (body not shown in the session).
func redactPII(segment: Transcript.Segment, placeHolder: String) -> Transcript.Segment
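The spotlighting and redaction snippets above both leave their helper bodies out. The following is an added example, not code from the session or from Apple, that gives `delimit` and `redactPII` concrete bodies and combines the two transforms for the same untrusted tool (redact first, then delimit, so the delimiters wrap already-sanitised text). It assumes that `Transcript.Segment` has a `.text` case carrying a `Transcript.TextSegment` with a `content` string and an `init(content:)` initializer, and that `Transcript.Entry` has the `.toolOutput` case used on the page; the function `sanitizeUntrustedToolOutput` is a name introduced here.

```swift
import FoundationModels

// Added example; assumptions: `Transcript.Segment.text(Transcript.TextSegment)`,
// `Transcript.TextSegment(content:)` and `Transcript.Entry.toolOutput(Transcript.ToolOutput)`.
// Non-text segments (structured output) are passed through unchanged.

/// Spotlighting: wrap each text segment of untrusted tool output in explicit
/// delimiters so the model can tell retrieved data apart from instructions.
func delimit(segment: Transcript.Segment, startDelimiter: String, endDelimiter: String) -> Transcript.Segment {
    guard case .text(let text) = segment else { return segment }
    return .text(Transcript.TextSegment(content: startDelimiter + text.content + endDelimiter))
}

/// Redaction: strip e-mail addresses and phone-number-like digit runs before the
/// text reaches the model, so an injected instruction has less personal data to leak.
func redactPII(segment: Transcript.Segment, placeHolder: String) -> Transcript.Segment {
    guard case .text(let text) = segment else { return segment }
    return .text(Transcript.TextSegment(content: redactPII(in: text.content, placeHolder: placeHolder)))
}

/// String-level redaction, kept separate so it can be tested without building a transcript.
/// The patterns are deliberately simple; extend them for the data your feed actually carries.
func redactPII(in content: String, placeHolder: String) -> String {
    let email = #/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/#
    let phone = #/\+?\d[\d\s().-]{7,}\d/#
    return content
        .replacing(email, with: placeHolder)
        .replacing(phone, with: placeHolder)
}

/// Applies redaction and then spotlighting to every segment returned by one untrusted
/// tool. Suitable as the body of `.historyTransform`, e.g.
/// `.historyTransform { sanitizeUntrustedToolOutput($0, toolName: "postAndFetchPublicFeedTool") }`.
func sanitizeUntrustedToolOutput(_ entries: [Transcript.Entry], toolName: String) -> [Transcript.Entry] {
    entries.map { entry in
        guard case .toolOutput(var toolOutput) = entry, toolOutput.toolName == toolName else {
            return entry
        }
        toolOutput.segments = toolOutput.segments.map { segment in
            delimit(
                segment: redactPII(segment: segment, placeHolder: "[REDACTED]"),
                startDelimiter: "<<UNTRUSTED>>",
                endDelimiter: "<</UNTRUSTED>>"
            )
        }
        return .toolOutput(toolOutput)
    }
}
```

Redaction runs before delimiting on purpose: if the order were reversed, a redaction pattern could in principle match across the delimiter text, and the delimiters should mark exactly the data the model will see. The transform only touches entries whose `toolName` matches, so the agent's own instructions and prior responses are never rewritten.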
23:08 - Intent authentication policy
// Intent authentication policy
struct DeletePhotoIntent: DeleteIntent {
    var entities: [LooseLeafPhoto]

    // Destructive action: require the user to authenticate before it runs.
    static var authenticationPolicy: IntentAuthenticationPolicy = .requiresAuthentication

    func perform() async throws -> some IntentResult {
        // Implementation
    }
}
23:27 - Schema authentication policy
// Schema authentication policy
@AppIntent(schema: .photos.deleteAssets)
struct DeletePhotoIntent {
    var entities: [LooseLeafPhoto]

    // Example: Schema default authentication policy is .requiresAuthentication

    func perform() async throws -> some IntentResult {
        // Implementation
    }
}
- 0:00 - Introduction
Agentic features introduce new security risks. We cover how to identify those risks and introduce techniques and APIs to protect your users.
- 2:06 - Risks
Understand new risks that come with using agentic systems in your app.
- 6:32 - Threat modeling
A threat-modeling exercise for your app can help identify which context sources are untrusted and which actions are potentially risky.
- 11:56 - Implementing mitigations
Learn about concrete tools that you can use to secure your agentic app.
- 12:03 - Foundation Models
If you use the Foundation Models framework, learn how to inject security checkpoints into your agent execution.
- 17:55 - App Intents
Learn about security mitigations available when integrating with Apple Intelligence using App Intents.