Loading…
Loading…
Written by Max Zeshut
Founder at Agentmelt · Last updated Jul 8, 2026
A security control restricting the network destinations an AI agent (or its tool sandbox) can reach to a predefined list of approved domains, APIs, or endpoints. Egress allowlisting is one of the highest-ROI defenses against [[indirect-prompt-injection]] and [[data-poisoning]]: it doesn't matter if a payload successfully hijacks the model if the exfiltration destination is blocked at the network layer. Several 2025 high-CVSS injection incidents (notably CamoLeak) worked partially because a whitelisted proxy or internal domain served as an exfiltration path—so allowlists have to be narrow, not broad.