BlindE separates LLM planning from data execution, enabling agents to orchestrate tasks using blind references without observing sensitive data. This memory-safe architecture prevents data leakage and injection attacks by design.
- Blind Planning: Agents use data references they cannot observe
- Policy Enforcement: Validates all data flows before execution
- Secure Runtime: Executes tools with real data in isolation
Agent generates blind execution plan → Tool calls process data without returning to LLM → Policy validates data flow at all times → Only authorized results returned
Provides guarantees against indirect prompt injection (XPIA), data exfiltration, and tool confusion through architectural separation.
We investigate this prototype and security pattern in more detail in this preliminary paper
You can open the notebook directly in google colab
Alternatively for local execution:
git clone https://github.com/its-emile/memory-safe-agent
jupyter notebook Memory_safe_Agent.ipynbBlindE is an example of patterns to mitigate data exopsure risks in AI agents, for more mitigations for AI agent security risks see OWASP Agentic AI Security Guide.