How do you defend against prompt-injection attacks that cause the agent to call legitimate endpoints but exfiltrate sensitive data through the response?
How do you defend against prompt-injection attacks that cause the agent to call legitimate endpoints but exfiltrate sensitive data through the response?