Practitioner · 15–25 min
Output Safety Lab
Paste model output, select the output sink, and get instant safety findings. Learn why AI output that looks harmless in one sink becomes dangerous in another.
Learning objectives
- Learn the 8 output sink types and why each carries distinct risk
- Test HTML output for script tags, event handlers, and iframe injection patterns
- Understand why Markdown rendered without escaping enables link beaconing and SSRF
- Detect dangerous tool call argument patterns before they reach execution
8 sink types
- HTML: Script injection, event handlers, iframes
- Markdown: Link beacons, javascript: URLs, open redirects
- JSON: Command fields, over-scoped resource arguments
- Tool call: Argument injection, dangerous action patterns
- Header injection, SSRF via link fields
- DB query: SQLi patterns in LLM-generated queries
- Code exec: Eval-ready payloads, shell metacharacters
- Raw display: Context leakage, embedded secrets
Reading materials
AIPSA Handbook · Ch 6
Chapter 6 — Agentic Permissions
Tool-call security, delegated authority, approval gates, side-effect containment, MCP surface analysis, sandboxing, and action logging for AI agents.
4.9 MB
AIPSA Field Guide · Ch 5
Agent Security
Delegated authority, tool calls, MCP-style tool surfaces, approvals, side effects, action logging, sandboxing, and agentic workflow governance.
~2 MB
Mythos Report · Ch 9
Excessive Agency Is the New Overprivileged Service Account
Drawing the direct line from classic least-privilege failures to agentic AI: why scope, approval gates, and blast radius matter more as agents gain capabilities.
~1 MB