Secure interoperable agents
AI is transforming consumer tech, with messaging becoming the main channel for interacting with agent services. This shift will scale message traffic astronomically, analogous to the web's rise in the 2000s. Just as Cloudflare and HTTPS secured web traffic, messaging will need robust, scalable end-to-end encryption to protect sensitive information.
Risks
Not using end-to-end encryption for agent interactions exposes users to what are called man-in-the-middle attacks.
Man-in-the-middle attacks: an intermediary intercepts requests in transit to read, alter or manipulate the data sent to or received from the AI service.
- Phishing: Messages can be intercepted and manipulated.
- Privacy: Sensitive information is read by unwanted parties.
- Tampering: Content can be altered without detection.
XMTP
XMTP provides end-to-end encrypted messaging for agent interactions, which is crucial for privacy, security, and compliance. Without it, messages are exposed to many security risks.
Features:
- E2EE: End-to-end encryption based on MLS (Messaging Layer Security).
- Multi-agent: Supports multi-agent interactions through group chats.
- Interoperable: Works across all platforms and frontends.
- Trusted: Decentralized & open source.
- Anonymous: By default user identity is anonymous.
Frequently Asked Questions
1. What are the risks of not using end-to-end encryption for agent interactions?
These are some of the potential risks that agent messages are exposed to in traditional web architectures.
1. Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts the communication between the client and the backend where the LLM service lies. This could involve stealing sensitive information, injecting malicious data, or altering the transmitted data.
Potential Threats:
- Data Interception: The attacker captures sensitive data, including user queries and chatbot responses, potentially exposing personal or confidential information.
- Data Manipulation: The attacker modifies user queries or responses. This could lead to incorrect actions or responses.
- Command Injection: Malicious instructions injected by an attacker could trigger unintended backend actions, potentially compromising the system.
An attacker who intercepts the request in transit may inject malicious prompts into user queries, resulting in disastrous actions in the case of an agentic AI system.
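The following is an added illustration, not XMTP code, of why an end-to-end encrypted and authenticated channel defeats the interception and manipulation threats listed above. It uses a deliberately simple encrypt-then-MAC construction built from the Python standard library (HMAC-SHA256 as a keystream generator and as the integrity tag, plus a sequence number for replay protection); XMTP itself uses MLS, and this toy construction is for teaching only, not for production use. The shared secret, the message text and the "middlebox" tampering are all constructed for the example.

```python
"""Toy end-to-end channel: encrypt-then-MAC with HMAC-SHA256 (teaching only).

A passive intermediary sees only ciphertext; an active one that flips bits,
truncates, or replays a packet is rejected by the receiving agent before the
payload ever reaches the LLM.
"""
import hashlib
import hmac
import os
import struct

SEQ_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32
HEADER_LEN = SEQ_LEN + NONCE_LEN


def derive_keys(shared_secret: bytes) -> tuple[bytes, bytes]:
    """Split one shared secret into separate encryption and MAC keys (HKDF-style labels)."""
    enc_key = hmac.new(shared_secret, b"agent-channel enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"agent-channel mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: HMAC(enc_key, nonce || counter) blocks, truncated to `length`."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class SecureChannel:
    """One direction of an end-to-end channel between a user client and an agent."""

    def __init__(self, shared_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(shared_secret)
        self.send_seq = 0   # last sequence number we sent
        self.recv_seq = 0   # highest sequence number we accepted (replays rejected)

    def seal(self, plaintext: bytes) -> bytes:
        """Encrypt, then authenticate header || ciphertext. Returns header || ct || tag."""
        self.send_seq += 1
        nonce = os.urandom(NONCE_LEN)  # fresh per message so the keystream never repeats
        header = struct.pack(">Q", self.send_seq) + nonce
        ct = xor(plaintext, keystream(self.enc_key, nonce, len(plaintext)))
        tag = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        return header + ct + tag

    def open(self, packet: bytes) -> bytes:
        """Verify the tag and sequence number first; only then decrypt."""
        if len(packet) < HEADER_LEN + TAG_LEN:
            raise ValueError("truncated packet")
        header, ct, tag = packet[:HEADER_LEN], packet[HEADER_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("integrity check failed: message was modified in transit")
        seq = struct.unpack(">Q", header[:SEQ_LEN])[0]
        if seq <= self.recv_seq:
            raise ValueError("replayed or out-of-order message")
        self.recv_seq = seq
        nonce = header[SEQ_LEN:HEADER_LEN]
        return xor(ct, keystream(self.enc_key, nonce, len(ct)))


def flip_byte_in_transit(packet: bytes, offset: int) -> bytes:
    """Simulated middlebox: flips one bit of the packet (constructed tampering)."""
    tampered = bytearray(packet)
    tampered[offset] ^= 0x01
    return bytes(tampered)


def demo() -> dict:
    """Round trip, then show that tampering and replay are both rejected."""
    secret = os.urandom(32)  # constructed: in practice agreed via the messaging protocol's key exchange
    user, agent = SecureChannel(secret), SecureChannel(secret)
    packet = user.seal(b"book a table for two at 7pm")
    results = {"delivered": agent.open(packet)}
    try:
        SecureChannel(secret).open(flip_byte_in_transit(packet, HEADER_LEN))  # byte inside ciphertext
        results["tampered"] = "accepted"
    except ValueError as e:
        results["tampered"] = str(e)
    try:
        agent.open(packet)  # same packet delivered a second time
        results["replayed"] = "accepted"
    except ValueError as e:
        results["replayed"] = str(e)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The order of operations in `open` is the important part: the tag is checked before any decryption happens and before the sequence number is trusted, so a manipulated query is dropped rather than handed to the agent.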
3. Cross-Site Scripting (XSS)
An attacker injects malicious scripts into the chatbot interface or backend responses, exploiting vulnerabilities in the web app.
Potential Threats:
- Stealing session tokens, cookies, or sensitive data via the malicious script.
- Performing unauthorized actions on behalf of the user by exploiting session data.
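As an added example (not part of the original page, and not XMTP code), the function below shows the standard defence against the XSS threat just described: an agent's reply is untrusted text and must be HTML-escaped before it is placed in the chat interface, with any intended markup (here, line breaks) added only after escaping. The unsafe variant is the anti-pattern that lets a script in a manipulated reply execute. The sample reply is constructed for the example.

```python
"""Render an agent reply as inert HTML (teaching example, not XMTP code)."""
import html


def render_agent_reply(reply: str) -> str:
    """Escape the untrusted reply first, then add the only markup we intend.

    Order matters: escaping after inserting <br> would neutralise our own tags,
    while inserting raw text before escaping is exactly the XSS hole.
    """
    escaped = html.escape(reply, quote=True)  # &, <, >, ", ' become entities
    return "<p>" + escaped.replace("\n", "<br>") + "</p>"


def render_agent_reply_unsafe(reply: str) -> str:
    """Anti-pattern: interpolates raw agent text into the page's HTML."""
    return "<p>" + reply.replace("\n", "<br>") + "</p>"


def contains_active_markup(rendered: str) -> bool:
    """Cheap check used by the example: does the rendered HTML still carry a script tag?"""
    return "<script" in rendered.lower()


# Constructed sample: a reply that was tampered with on the way to the client.
SAMPLE_REPLY = "Your table is booked.\n<script>x()</script>"

if __name__ == "__main__":
    print(render_agent_reply(SAMPLE_REPLY))
    print("unsafe renders active markup:", contains_active_markup(render_agent_reply_unsafe(SAMPLE_REPLY)))
```

Escaping on output is what makes the rendered chat robust regardless of which party (the model, the backend, or an intermediary) produced the text; a Content-Security-Policy that disallows inline scripts is the usual second layer.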
2. How does XMTP facilitate compliance?
XMTP facilitates compliance with key data protection regulations:
1. General Data Protection Regulation (GDPR)
- Data Protection by Design: XMTP's end-to-end encryption ensures that personal data is secured throughout its lifecycle, aligning with GDPR's requirement for data protection measures to be integrated into processing activities.
- Data Subject Rights: XMTP's architecture supports efficient management of data access and deletion requests, aiding compliance with GDPR mandates on user rights.
2. California Consumer Privacy Act (CCPA)
- Data Security Measures: By implementing robust encryption, XMTP helps protect personal information, addressing CCPA's emphasis on reasonable security procedures to prevent unauthorized access.
- Transparency and User Control: XMTP's open-source nature allows organizations to maintain transparency in their communication systems, building trust with users and supporting CCPA's requirements for consumer rights.
By integrating XMTP, organizations can enhance their compliance posture with both GDPR and CCPA, mitigating legal risks and building consumer trust.