Cryptographic Prompt Fencing Demo
Generate your Ed25519 signing key pair so that the agent can continually verify that instructions are only coming from you.
Select which operations you authorize the agent to perform. This prevents it from executing actions beyond what you intended.
Send a message to see the agent's response
Demonstrations of how cryptographic signing protects against prompt injection attacks from untrusted external data sources.
Malicious calendar events and emails can contain hidden instructions. The signed message proves your intent hasn't been tampered with.
A malicious calendar event contains hidden instructions that try to override your original intent.
A phishing email attempts to manipulate the agent into performing unauthorized actions.
No message sent yet
Intent Tokens cryptographically bind user requests to specific action scopes:
If prompt is modified after signing, or LLM tries to call tools outside the signed scope, the request is rejected.
Quick callout while you click around: these are the design choices that make this feel different from a typical OAuth app demo.
Auth0 handles authentication, while each user can register an Ed25519 public key for message verification. That means the app checks both who is logged in and whether a request is cryptographically bound to that user.
A short-lived JWT carries a hash of the exact prompt and the allowed action scope. If text changes after signing, or a tool call exceeds signed scope, the request is rejected.
Exchanged service tokens are kept out of model-visible context. The agent receives only safe metadata for orchestration, reducing accidental credential exposure risk.
Processing...