Open Source Credential Proxy and Vault for Agents
twitter.com
Does this prevent a compromised agent from using the secret, or just seeing it? I’m thinking, if an agent gets hit with a prompt injection, could it still tell the vault to proxy a request that wipes a database for example, even if it never sees the actual API key?
It prevents a compromised agent from seeing the secret. There are two different but related problems here: credential exfiltration and data exfiltration.
The problem that Agent Vault (AV) solves is the former while the latter requires more guardrails beyond the scope of AV.
In the event that an agent is compromised, you are at least able to revoke its access, since request/data flow runs through AV; the malicious actor does not get any credentials.
Now, if the attacker were to obtain credentials in the first place, you'd be stuck chasing down hundreds, if not thousands, of secrets, especially if the agent was part of a multi-tenant system doing things on behalf of users.
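To make the distinction in the reply concrete, here is an added illustration (not Agent Vault's own code; the class, method names and the upstream stub are assumptions): the agent holds only an opaque handle, the proxy attaches the real key server-side, a handle can be revoked without touching the upstream key, and the proxy forwards whatever request the agent makes, which is why stopping a destructive call needs a separate guardrail.

```python
# Added illustration (not Agent Vault's own code): a minimal credential proxy
# in the style the reply describes. Names and the upstream stub are assumptions.
import secrets
from dataclasses import dataclass, field


@dataclass
class CredentialProxy:
    """Holds real API keys; agents only ever get opaque, revocable handles."""
    _secrets: dict = field(default_factory=dict)   # handle -> real key
    _revoked: set = field(default_factory=set)
    audit: list = field(default_factory=list)      # one entry per proxied call

    def issue_handle(self, api_key: str) -> str:
        """Store the real key and hand the agent a random handle instead."""
        handle = secrets.token_urlsafe(16)
        self._secrets[handle] = api_key
        return handle

    def revoke(self, handle: str) -> None:
        """Cut off a compromised agent without rotating the upstream key."""
        self._revoked.add(handle)

    def proxy(self, handle: str, method: str, path: str, upstream) -> dict:
        """Attach the real key and forward the agent's request unchanged.

        The proxy does not inspect intent: a DELETE is forwarded like a GET.
        Limiting what a handle may do is a guardrail layered on top of this.
        """
        if handle in self._revoked or handle not in self._secrets:
            self.audit.append(("denied", handle, method, path))
            return {"status": 403, "body": "handle revoked or unknown"}
        real_key = self._secrets[handle]
        self.audit.append(("forwarded", handle, method, path))
        return upstream(method, path, {"Authorization": f"Bearer {real_key}"})


def fake_upstream(method: str, path: str, headers: dict) -> dict:
    """Constructed stand-in for the real API; echoes what it received."""
    return {"status": 200, "method": method, "path": path,
            "auth": headers["Authorization"]}


if __name__ == "__main__":
    av = CredentialProxy()
    h = av.issue_handle("REAL-KEY-placeholder")   # constructed sample key
    print(av.proxy(h, "DELETE", "/db/prod", fake_upstream))  # forwarded
    av.revoke(h)
    print(av.proxy(h, "GET", "/db", fake_upstream))          # denied
```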