-
Sécurisez votre app : atténuez les risques liés aux fonctionnalités agentiques
Découvrez comment évaluer les menaces liées à l'injection indirecte de requêtes, telles que l'exfiltration de données et les actions involontaires. Découvrez les protections système et les bonnes pratiques de sécurité pour l'utilisation des App Intents et du framework Foundation Models, y compris des mesures d'atténuation telles que la confirmation par l'utilisateur, la conception de prompts sécurisés et l'authentification.
Chapitres
- 0:00 - Introduction
- 2:06 - Risks
- 6:32 - Threat modeling
- 11:56 - Implementing mitigations
- 12:03 - Foundation Models
- 17:55 - App Intents
Ressources
Vidéos connexes
WWDC26
- Créez des expériences d’apps agentiques avec le framework Foundation Models
- Créez des expériences Siri intelligentes avec App Schemas
- Explorez les fonctionnalités avancées d’App Intents pour Siri et Apple Intelligence
WWDC25
WWDC20
-
Rechercher dans cette vidéo…
-
-
12:50 - Tools
// Tools struct OrderTeaTool: Tool { let name = "orderTeaTool" let description: String = "Orders a particular quantity of a tea from the store." // Arguments // Implementation } struct PostAndFetchPublicFeedTool: Tool { let name = "postAndFetchPublicFeedTool" let description: String = "Posts a message to the public feed.” // Arguments // Implementation } -
13:13 - Profile
// Profile class LooseLeafAgent { struct DefaultProfile: LanguageModelSession.DynamicProfile { var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") OrderTeaTool() PostAndFetchPublicFeedTool() } .model(SystemLanguageModel()) } } } -
13:28 - Session
// Session class LooseLeafAgent { struct DefaultProfile: LanguageModelSession.DynamicProfile { var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") OrderTeaTool() PostAndFetchPublicFeedTool() } .model(SystemLanguageModel()) } } let session: LanguageModelSession public init() { self.session = LanguageModelSession(profile: DefaultProfile()) } } -
14:33 - Confirmation via onToolCall
// Confirmation via onToolCall var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") OrderTeaTool() // Financial impact; risky tool. // Other Tools } .onToolCall { call in guard call.toolName == "orderTeaTool" else { return } guard ConfirmationAction.confirmWithUser() else { throw LooseLeafError.userConfirmationDenied } } } -
15:56 - Spotlighting via historyTransform
// Spotlighting via historyTransform var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting // Other Tools } .historyTransform {γentries in entries.map { entry in guard case .toolOutput(var toolOutput) = entry, toolOutput.toolName == "postAndFetchPublicFeedTool" else { return entry } } toolOutput.segments = toolOutput.segments.map { segment in delimit(segment: segment, startDelimiter: "<<UNTRUSTED>>", endDelimiter: "<</UNTRUSTED>>") } return .toolOutput(toolOutput) } } func delimit(segment: Transcript.Segment, startDelimiter: String, endDelimiter: String) -> Transcript.Segment -
16:48 - Redaction via historyTransform
// Redaction via historyTransform var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting // Other Tools } .historyTransform {γentries in entries.map { entry in guard case .toolOutput(var toolOutput) = entry, toolOutput.toolName == "postAndFetchPublicFeedTool" else { return entry } } toolOutput.segments = toolOutput.segments.map { segment in redactPII(segment: segment, placeHolder: "[REDACTED]") } return .toolOutput(toolOutput) } } func redactPII(segment: Transcript.Segment, placeHolder: String) -> Transcript.Segment -
23:08 - Intent authentication policy
// Intent authentication policy struct DeletePhotoIntent: DeleteIntent { var entities: [LooseLeafPhoto] static var authenticationPolicy: IntentAuthenticationPolicy = .requiresAuthentication func perform() async throws -> some IntentResult { // Implementation } } -
23:27 - Schema authentication policy
// Schema authentication policy @AppIntent(schema: .photos.deleteAssets) struct DeletePhotoIntent { var entities: [LooseLeafPhoto] // Example: Schema default authentication policy is .requiresAuthentication func perform() async throws -> some IntentResult { // Implementation } }
-
-
- 0:00 - Introduction
Agentic features introduce new security risks. We cover how to identify those risks and introduce techniques and APIs to protect your users.
- 2:06 - Risks
Understand new risks that come with using agentic systems in your app.
- 6:32 - Threat modeling
A threat-modeling exercise for your app can help identify which context sources are untrusted and which actions are potentially risky.
- 11:56 - Implementing mitigations
Learn about concrete tools that you can use to secure your agentic app.
- 12:03 - Foundation Models
If you use the Foundation Models framework, learn how to inject security checkpoints into your agent execution.
- 17:55 - App Intents
Learn about security mitigations available when integrating with Apple Intelligence using App Intents.