Security News

Cybersecurity news aggregator

Source: Reddit r/netsec

Object-capability SQL sandboxing for LLM agents — $1K CTF bounty to break it

A defensive technique that uses object-capabilities to sandbox the SQL queries issued by LLM agents is presented, with the aim of preventing malicious database access. A live CTF challenges participants to break the capability layer protecting a bitcoin wallet, with a bounty offered for successful exploits, and the code is open source.

Writeup on a defensive technique for constraining LLM agent database access. The core idea: instead of detecting bad queries at runtime, make them structurally inexpressible via object-capabilities. Live CTF: two DB agents guarding bitcoin wallets -- one protected by system prompt (already broken), one by capability layer (~$1K still standing). Interested in feedback on the threat model. Code is open source.

submitted by /u/ryanrasti
