Oracles Technologies LLC

Strong principle; human on every write is right. One nuance worth naming: HITL stops the AI from acting autonomously, but not from proposing a manipulated action. A poisoned invoice or memo the agent reads can pre-fill a transfer to the wrong account, and "user submits" becomes a rubber stamp. The real control is inspecting what the agent ingests and what it proposes, before the human is asked to approve it.

The attacks we obsess over live inside the agent loop; a poisoned tool result or MCP response that never reads as a "malicious prompt" on the wire. Ethicore Engine™ - Guardian enforces at all four boundaries and secures the entire agentic loop: input, retrieved/tool output, the tool call before it runs, and output. 160+ categories. Complementary more than competing: an embeddable detector at the boundary, correlation in the SOC.

Indirect prompt injection lives in TOOL OUTPUT, not just the user prompt. If your agent reads from Sentry / GitHub / a webpage / a DB and acts on it, that's your attack surface. Keep your agents secure! pip install ethicore-engine-guardian https://t.co/B8rVv9Y8mm Intelligence With Integrity.

The fix isn't at Sentry. It's at the agent: treat tool/MCP output as UNTRUSTED INPUT and scan it before it re-enters context. That's what Guardian SDK does. I ran a poisoned Sentry event through it: scan_tool_output → BLOCK, injection_score 100/100 benign error event → ALLOW, 0