Prismata: Confining cross-site prompt injection in web agents
web securitycross-site prompt injectioncontextual least privilegeweb agentscryptography and security
Author: zhinit
Date: 7/10/2026
Article Summary:
This paper presents Prismata, a defense mechanism that confines cross-site prompt injection in web agents by enforcing contextual least privilege and constraining what the agent sees and can do.