アプリの保護：エージェント型機能によるリスクの軽減

アプリの保護：エージェント型機能によるリスクの軽減

データ流出や意図しないアクションなどを引き起こす、間接プロンプトインジェクションによる脅威を評価する方法を解説します。App IntentやFoundation Modelフレームワークを利用する上でのシステム保護策とセキュリティのベストプラクティス（ユーザーの確認、セキュアなプロンプト設計、認証など）を紹介します。

関連する章
- 0:00 - Introduction
- 2:06 - Risks
- 6:32 - Threat modeling
- 11:56 - Implementing mitigations
- 12:03 - Foundation Models
- 17:55 - App Intents
リソース
- Security Overview
- - HDビデオ
  - SDビデオ
関連ビデオ

WWDC26
WWDC25
- オンデバイス基盤モデルのためのプロンプトの設計と安全性の詳細
WWDC20
- Appの保護：脅威のモデリングとアンチパターン

12:50 - Tools

// Tools

struct OrderTeaTool: Tool {
  let name = "orderTeaTool"
  let description: String = "Orders a particular quantity of a tea from the store."
  // Arguments
  // Implementation
}

struct PostAndFetchPublicFeedTool: Tool {
  let name = "postAndFetchPublicFeedTool"
  let description: String = "Posts a message to the public feed.”
  // Arguments
  // Implementation
}

13:13 - Profile

// Profile

class LooseLeafAgent {
  struct DefaultProfile: LanguageModelSession.DynamicProfile {
    var body: some DynamicProfile {
      Profile {
        Instructions("You are a helpful, tea-loving assistant ... ")

        OrderTeaTool()
        PostAndFetchPublicFeedTool()
      }
      .model(SystemLanguageModel())
    }
  }
}

13:28 - Session

// Session 

class LooseLeafAgent {
  struct DefaultProfile: LanguageModelSession.DynamicProfile {
    var body: some DynamicProfile {
      Profile {
        Instructions("You are a helpful, tea-loving assistant ... ")

        OrderTeaTool()
        PostAndFetchPublicFeedTool()
      }
      .model(SystemLanguageModel())
    }
  }

  let session: LanguageModelSession

  public init() {
    self.session = LanguageModelSession(profile: DefaultProfile())
  }
}

14:33 - Confirmation via onToolCall

// Confirmation via onToolCall

var body: some DynamicProfile {
  Profile {
    Instructions("You are a helpful, tea-loving assistant ... ")

    OrderTeaTool() // Financial impact; risky tool.
    // Other Tools
  }
  
  .onToolCall { call in
    guard call.toolName == "orderTeaTool" else {
      return
    }
    guard ConfirmationAction.confirmWithUser() else {
      throw LooseLeafError.userConfirmationDenied
    }
  }
}

15:56 - Spotlighting via historyTransform

// Spotlighting via historyTransform

var body: some DynamicProfile {
  Profile {
    Instructions("You are a helpful, tea-loving assistant ... ")

    PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting
    // Other Tools
  }

  .historyTransform {γentries in
    entries.map { entry in
      guard case .toolOutput(var toolOutput) = entry,
        toolOutput.toolName == "postAndFetchPublicFeedTool"
      else {
        return entry
      }
    }
    toolOutput.segments = toolOutput.segments.map { segment in
      delimit(segment: segment,
              startDelimiter: "<<UNTRUSTED>>",
              endDelimiter: "<</UNTRUSTED>>")
    }
    return .toolOutput(toolOutput)
  }
}

func delimit(segment: Transcript.Segment,
             startDelimiter: String,
             endDelimiter: String) -> Transcript.Segment

16:48 - Redaction via historyTransform

// Redaction via historyTransform

var body: some DynamicProfile {
  Profile {
    Instructions("You are a helpful, tea-loving assistant ... ")

    PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting
    // Other Tools
  }

  .historyTransform {γentries in
    entries.map { entry in
      guard case .toolOutput(var toolOutput) = entry,
        toolOutput.toolName == "postAndFetchPublicFeedTool"
      else {
        return entry
      }
    }
    toolOutput.segments = toolOutput.segments.map { segment in
      redactPII(segment: segment,
                placeHolder: "[REDACTED]")
    }
    return .toolOutput(toolOutput)
  }
}

func redactPII(segment: Transcript.Segment,
               placeHolder: String) -> Transcript.Segment

23:08 - Intent authentication policy

// Intent authentication policy

struct DeletePhotoIntent: DeleteIntent {
    var entities: [LooseLeafPhoto]

    static var authenticationPolicy: IntentAuthenticationPolicy = .requiresAuthentication

    func perform() async throws -> some IntentResult {
        // Implementation
    }
}

23:27 - Schema authentication policy

// Schema authentication policy

@AppIntent(schema: .photos.deleteAssets)
struct DeletePhotoIntent {
    var entities: [LooseLeafPhoto]

    // Example: Schema default authentication policy is .requiresAuthentication

    func perform() async throws -> some IntentResult {
        // Implementation
    }
}

- 0:00 - Introduction
- Agentic features introduce new security risks. We cover how to identify those risks and introduce techniques and APIs to protect your users.
- 2:06 - Risks
- Understand new risks that come with using agentic systems in your app.
- 6:32 - Threat modeling
- A threat-modeling exercise for your app can help identify which context sources are untrusted and which actions are potentially risky.
- 11:56 - Implementing mitigations
- Learn about concrete tools that you can use to secure your agentic app.
- 12:03 - Foundation Models
- If you use the Foundation Models framework, learn how to inject security checkpoints into your agent execution.
- 17:55 - App Intents
- Learn about security mitigations available when integrating with Apple Intelligence using App Intents.

「今すぐ始める」を詳しく見る

最新情報

プラットフォームを詳しく見る

特集

テクノロジーを詳しく見る

特集

コミュニティを詳しく見る

特集

ドキュメントを詳しく見る

リリースノート

ダウンロードを詳しく見る

特集

サポートを詳しく見る

特集

クイックリンク

関連する章

リソース

関連ビデオ

WWDC26

WWDC25

WWDC20