Docs

Valta Docs

Security Best Practices

Prompt injection attacks

An AI agent can be hijacked by hiding instructions inside external content it reads. In May 2026, a developer demonstrated that Morse code embedded in a tweet reply was decoded and executed by a crypto bot, which sent real tokens to the attacker's wallet.

This is prompt injection. External content that the agent reads — web pages, emails, API responses — can contain adversarial instructions that the model follows as if they came from you.

How Valta defends against it

1. Input scanning

Valta scans every task instruction before the AI model sees it. Over 25 known patterns are detected: Morse code, base64, unicode escapes, instruction overrides, financial command injection. Detected attempts are blocked and logged to the audit trail as injection_attempt_blocked.

2. Content isolation

External content returned by tools is wrapped in a safety envelope before re-entering the AI context. The model is explicitly told that everything between the markers is data, not instructions.

3. Policy enforcement in code

Even if injected content reaches the model and the model attempts a financial action, policy checks run in the backend before money moves. The model cannot override a limit by claiming urgency.

What you should do

  • Set requireApprovalAbove for all agents handling external content
  • Set maxPerTransaction — never leave it unlimited
  • Use allowedDomains to restrict which APIs agents can call
  • Review the audit trail regularly for injection_attempt_blocked entries
  • Never give an agent more funds than it needs for its task

API key security

  • Generate separate keys per project — do not share a key across multiple services
  • Revoke keys you are not using: await valta.keys.revoke(keyId)
  • Never expose keys client-side (browser, mobile app)
  • Rotate keys if you suspect compromise: await valta.auth.refreshToken()
  • The full key is shown once at creation time — store it immediately in a secrets manager (HashiCorp Vault, AWS Secrets Manager, Vercel environment variables)

If an agent is compromised

ts
// 1. Freeze immediately
await valta.agents.freeze(compromisedAgentId)

// 2. Export audit trail
const entries = await valta.audit.export({ agentId: compromisedAgentId })

// 3. Rotate your API key
const { token } = await valta.auth.refreshToken()
// Update the new token in your environment variables

// 4. Review and decide whether to delete or restore the agent