-
앱 보호하기: 에이전틱 기능에 대한 위험 완화하기
데이터 유출과 의도하지 않은 동작 같은 간접적인 프롬프트 인젝션으로 인한 위협을 평가하는 방법을 살펴보세요. 사용자 확인, 안전한 프롬프트 설계, 인증과 같은 보안 강화 기능 등 앱 인텐트와 Foundation Models 프레임워크 사용을 위한 시스템 보호 기능과 보안 모범 사례를 살펴보세요.
챕터
- 0:00 - Introduction
- 2:06 - Risks
- 6:32 - Threat modeling
- 11:56 - Implementing mitigations
- 12:03 - Foundation Models
- 17:55 - App Intents
리소스
관련 비디오
WWDC26
- 앱 스키마로 지능형 Siri 경험 빌드하기
- Foundation Models 프레임워크로 에이전틱 앱 경험 빌드하기
- Siri 및 Apple Intelligence를 위한 고급 앱 인텐트 기능 살펴보기
WWDC25
WWDC20
-
비디오 검색…
-
-
12:50 - Tools
// Tools struct OrderTeaTool: Tool { let name = "orderTeaTool" let description: String = "Orders a particular quantity of a tea from the store." // Arguments // Implementation } struct PostAndFetchPublicFeedTool: Tool { let name = "postAndFetchPublicFeedTool" let description: String = "Posts a message to the public feed.” // Arguments // Implementation } -
13:13 - Profile
// Profile class LooseLeafAgent { struct DefaultProfile: LanguageModelSession.DynamicProfile { var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") OrderTeaTool() PostAndFetchPublicFeedTool() } .model(SystemLanguageModel()) } } } -
13:28 - Session
// Session class LooseLeafAgent { struct DefaultProfile: LanguageModelSession.DynamicProfile { var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") OrderTeaTool() PostAndFetchPublicFeedTool() } .model(SystemLanguageModel()) } } let session: LanguageModelSession public init() { self.session = LanguageModelSession(profile: DefaultProfile()) } } -
14:33 - Confirmation via onToolCall
// Confirmation via onToolCall var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") OrderTeaTool() // Financial impact; risky tool. // Other Tools } .onToolCall { call in guard call.toolName == "orderTeaTool" else { return } guard ConfirmationAction.confirmWithUser() else { throw LooseLeafError.userConfirmationDenied } } } -
15:56 - Spotlighting via historyTransform
// Spotlighting via historyTransform var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting // Other Tools } .historyTransform {γentries in entries.map { entry in guard case .toolOutput(var toolOutput) = entry, toolOutput.toolName == "postAndFetchPublicFeedTool" else { return entry } } toolOutput.segments = toolOutput.segments.map { segment in delimit(segment: segment, startDelimiter: "<<UNTRUSTED>>", endDelimiter: "<</UNTRUSTED>>") } return .toolOutput(toolOutput) } } func delimit(segment: Transcript.Segment, startDelimiter: String, endDelimiter: String) -> Transcript.Segment -
16:48 - Redaction via historyTransform
// Redaction via historyTransform var body: some DynamicProfile { Profile { Instructions("You are a helpful, tea-loving assistant ... ") PostAndFetchPublicFeedTool() // Returns untrusted data; requires spotlighting // Other Tools } .historyTransform {γentries in entries.map { entry in guard case .toolOutput(var toolOutput) = entry, toolOutput.toolName == "postAndFetchPublicFeedTool" else { return entry } } toolOutput.segments = toolOutput.segments.map { segment in redactPII(segment: segment, placeHolder: "[REDACTED]") } return .toolOutput(toolOutput) } } func redactPII(segment: Transcript.Segment, placeHolder: String) -> Transcript.Segment -
23:08 - Intent authentication policy
// Intent authentication policy struct DeletePhotoIntent: DeleteIntent { var entities: [LooseLeafPhoto] static var authenticationPolicy: IntentAuthenticationPolicy = .requiresAuthentication func perform() async throws -> some IntentResult { // Implementation } } -
23:27 - Schema authentication policy
// Schema authentication policy @AppIntent(schema: .photos.deleteAssets) struct DeletePhotoIntent { var entities: [LooseLeafPhoto] // Example: Schema default authentication policy is .requiresAuthentication func perform() async throws -> some IntentResult { // Implementation } }
-
-
- 0:00 - Introduction
Agentic features introduce new security risks. We cover how to identify those risks and introduce techniques and APIs to protect your users.
- 2:06 - Risks
Understand new risks that come with using agentic systems in your app.
- 6:32 - Threat modeling
A threat-modeling exercise for your app can help identify which context sources are untrusted and which actions are potentially risky.
- 11:56 - Implementing mitigations
Learn about concrete tools that you can use to secure your agentic app.
- 12:03 - Foundation Models
If you use the Foundation Models framework, learn how to inject security checkpoints into your agent execution.
- 17:55 - App Intents
Learn about security mitigations available when integrating with Apple Intelligence using App Intents.