Glossary · Term

CaMeL

← all terms

Definition

Plain language

A defense that tries to keep an AI agent safe by tracking how data flows through it.

As stated in the literature

A data-flow-based defense against prompt injection that constrains how untrusted content can influence agent actions; the strongest competing baseline in the DASGuard trojan-backdoor evaluation, but one that does not carry provenance tracking into persistent state.

Why it matters: It guards agents against prompt injection by watching how data moves through them, though it can miss attacks that hide in saved state it doesn't keep tracking.

For example, if an agent reads a web page containing a sneaky hidden instruction, this defense tracks that the instruction came from untrusted text and refuses to act on it.

Heard on the show

“The best competitor — a data-flow defense called CaMeL — got it down to seventy-four percent.”
Episode 105 — The Trojan Is Your Agent's Memory: Why Single-Step Defenses Miss Persistent Attacks

Mentioned in 1 episode

  1. 105
    The Trojan Is Your Agent's Memory: Why Single-Step Defenses Miss Persistent Attacks

Related terms