Sécurisez votre app : atténuez les risques liés aux fonctionnalités agentiques

Découvrez comment évaluer les menaces liées à l'injection indirecte de requêtes, telles que l'exfiltration de données et les actions involontaires. Découvrez les protections système et les bonnes pratiques de sécurité pour l'utilisation des App Intents et du framework Foundation Models, y compris des mesures d'atténuation telles que la confirmation par l'utilisateur, la conception de prompts sécurisés et l'authentification.

Chapitres

0:00 - Introduction
2:06 - Risques
6:32 - Modélisation des menaces
11:56 - Mise en œuvre de mesures d’atténuation
12:03 - Foundation Models
17:55 - App Intents

Ressources

Vidéos connexes

WWDC26

WWDC25

Explorez la conception rapide et la sécurité pour les modèles de fondation sur l’appareil

WWDC20

Secure your app: threat modeling and anti-patterns

12:50 - Tools

// Tools

struct OrderTeaTool: Tool {
  let name = "orderTeaTool"
  let description: String = "Orders a particular quantity of a tea from the store."
  // Arguments
  // Implementation
}

struct PostAndFetchPublicFeedTool: Tool {
  let name = "postAndFetchPublicFeedTool"
  let description: String = "Posts a message to the public feed.”
  // Arguments
  // Implementation
}

13:13 - Profile

// Profile

class LooseLeafAgent {
  struct DefaultProfile: LanguageModelSession.DynamicProfile {
    var body: some DynamicProfile {
      Profile {
        Instructions("You are a helpful, tea-loving assistant ... ")

        OrderTeaTool()
        PostAndFetchPublicFeedTool()
      }
      .model(SystemLanguageModel())
    }
  }
}

13:28 - Session

// Session 

class LooseLeafAgent {
  struct DefaultProfile: LanguageModelSession.DynamicProfile {
    var body: some DynamicProfile {
      Profile {
        Instructions("You are a helpful, tea-loving assistant ... ")

        OrderTeaTool()
        PostAndFetchPublicFeedTool()
      }
      .model(SystemLanguageModel())
    }
  }

  let session: LanguageModelSession

  public init() {
    self.session = LanguageModelSession(profile: DefaultProfile())
  }
}

14:33 - Confirmation via onToolCall

// Confirmation via onToolCall

var body: some DynamicProfile {
  Profile {
    Instructions("You are a helpful, tea-loving assistant ... ")

    OrderTeaTool() // Financial impact; risky tool.
    // Other Tools
  }
  
  .onToolCall { call in
    guard call.toolName == "orderTeaTool" else {
      return
    }
    guard ConfirmationAction.confirmWithUser() else {
      throw LooseLeafError.userConfirmationDenied
    }
  }
}

15:56 - Spotlighting via historyTransform

// Spotlighting via historyTransform

var body: some DynamicProfile {
  Profile {
    Instructions("You are a helpful, tea-loving assistant ... ")

    PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting
    // Other Tools
  }

  .historyTransform {γentries in
    entries.map { entry in
      guard case .toolOutput(var toolOutput) = entry,
        toolOutput.toolName == "postAndFetchPublicFeedTool"
      else {
        return entry
      }
    }
    toolOutput.segments = toolOutput.segments.map { segment in
      delimit(segment: segment,
              startDelimiter: "<<UNTRUSTED>>",
              endDelimiter: "<</UNTRUSTED>>")
    }
    return .toolOutput(toolOutput)
  }
}

func delimit(segment: Transcript.Segment,
             startDelimiter: String,
             endDelimiter: String) -> Transcript.Segment

16:48 - Redaction via historyTransform

// Redaction via historyTransform

var body: some DynamicProfile {
  Profile {
    Instructions("You are a helpful, tea-loving assistant ... ")

    PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting
    // Other Tools
  }

  .historyTransform {γentries in
    entries.map { entry in
      guard case .toolOutput(var toolOutput) = entry,
        toolOutput.toolName == "postAndFetchPublicFeedTool"
      else {
        return entry
      }
    }
    toolOutput.segments = toolOutput.segments.map { segment in
      redactPII(segment: segment,
                placeHolder: "[REDACTED]")
    }
    return .toolOutput(toolOutput)
  }
}

func redactPII(segment: Transcript.Segment,
               placeHolder: String) -> Transcript.Segment

23:08 - Intent authentication policy

// Intent authentication policy

struct DeletePhotoIntent: DeleteIntent {
    var entities: [LooseLeafPhoto]

    static var authenticationPolicy: IntentAuthenticationPolicy = .requiresAuthentication

    func perform() async throws -> some IntentResult {
        // Implementation
    }
}

23:27 - Schema authentication policy

// Schema authentication policy

@AppIntent(schema: .photos.deleteAssets)
struct DeletePhotoIntent {
    var entities: [LooseLeafPhoto]

    // Example: Schema default authentication policy is .requiresAuthentication

    func perform() async throws -> some IntentResult {
        // Implementation
    }
}

Explore Get Started

Stay Updated

Explore Platforms

Featured

Explore Technologies

Featured

Explore Community

Featured

Explore Documentation

Release Notes

Explore Downloads

Featured

Explore Support

Featured

Quick Links

Sécurisez votre app : atténuez les risques liés aux fonctionnalités agentiques

Chapitres

Ressources

Vidéos connexes

WWDC26

WWDC25

WWDC20