Ultra13
Learn · Context Authority

What is context authority in AI agent security?

Context authority is the permission for a context source to influence an action, not merely to appear in the prompt. The dangerous question in agent security is not whether text looks malicious, but whether a given source should be allowed to influence a given sink — a tool call, memory write, export, browser action, approval, or final answer.

By the Ultra13 teamPublished Updated
TL;DR
  • Context authority = permission to influence an action, not just to be in the prompt.
  • Appearing in context is not the same as being allowed to drive a sink.
  • Source-to-sink policy encodes which sources may influence which actions.
  • This reframes prompt injection as an authority problem, not a text problem.

Presence is not permission

Every span of context that enters the agent state — prompt, retrieved chunk, memory, tool result, MCP response — has a provenance and trust class. Being present in the window does not mean it may authorize an action. Context authority makes that distinction explicit and enforceable.

From authority to policy

A source-to-sink policy records, for each source class, which sinks it may influence and under what conditions. This is the object a context firewall enforces — see the founder essay prompt injection is not the problem, context authority is.

FAQ

Frequently asked questions

How is context authority different from prompt injection?
Prompt injection is the visible symptom — untrusted text steering the model. Context authority is the underlying control: whether that source was ever allowed to influence the action it triggered.
What is source-to-sink policy?
A rule set that defines which classes of context (sources) may influence which actions (sinks), and under which conditions — for example, a customer ticket may inform a reply but cannot authorize a refund.

See where the firewall stops the path.

Give us one agent workflow. We’ll map the context boundary, replay the abuse paths, and show where the Context Firewall blocks them.