Hands-on workshop

LiveDay NYC

Your AI Agent can read your API keys: How to prevent credential exfiltration

Your agent needs API access but a single prompt injection can turn it into a credential exfiltration vector. In this lab, you'll install and configure Agent Vault, a proxy that holds secrets on behalf of your agent so a compromised agent has nothing to leak.

Jun 25, 2026, 16:00 EDT

Meet the speakers

Ashwin Punj
Solutions Engineer, Infisical

Prompt injection is not theoretical. A poisoned document or a malicious webpage pulled in by a tool call can manipulate an agent into forwarding its credentials to an attacker. Guardrails reduce the risk; they do not eliminate it. The real fix is architectural: don't give the agent the credentials in the first place.

In this hands-on lab, you will install Agent Vault, Infisical's open-source credential broker, and configure it as a forward HTTPS proxy between an agent and the APIs it calls. Credentials live encrypted in the vault and are attached at the network layer. The agent issues a normal request and receives a normal response - it never holds the secret, which means a prompt-injected agent has nothing to exfiltrate. You will work through installation, vault and service configuration, the proxy handoff, and the audit log, leaving with a working setup and a clear mental model for drawing the trust boundary between agents and credentials.
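The trust boundary described above, as an added Python example that is not Agent Vault's code or API: a broker-side decision step that binds each secret to one destination host, discards credential headers the agent supplies, and writes an audit record without the secret. The names `VAULT`, `AUDIT_LOG` and `broker_request`, the host `api.example.com` and the key value are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed vault contents: destination host -> (header name, secret).
# This mapping exists only inside the broker process, never in the agent.
VAULT = {"api.example.com": ("Authorization", "Bearer sk-constructed-not-a-real-key")}

# Headers the agent is not allowed to set itself; the broker owns them.
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "x-api-key", "cookie"}

AUDIT_LOG = []  # records decisions and header names, never secret values


def broker_request(method, url, agent_headers):
    """Decide whether to forward an agent request and which headers to send.

    Returns (allowed, outbound_headers). The secret is attached only when the
    parsed destination host has a vault entry and the scheme is HTTPS.
    """
    parts = urlsplit(url)
    # .hostname ignores userinfo, so "https://api.example.com@evil.example/"
    # resolves to "evil.example" and does not match the vault entry.
    host = (parts.hostname or "").lower()

    if parts.scheme != "https" or host not in VAULT:
        AUDIT_LOG.append({"method": method, "host": host, "decision": "deny"})
        return False, {}

    # Drop anything credential-like that the (possibly injected) agent sent.
    outbound = {k: v for k, v in agent_headers.items()
                if k.lower() not in CREDENTIAL_HEADERS}
    header_name, secret = VAULT[host]
    outbound[header_name] = secret

    AUDIT_LOG.append({"method": method, "host": host,
                      "decision": "allow", "credential_header": header_name})
    return True, outbound


if __name__ == "__main__":
    # Normal call: the agent sends no credential, the broker attaches one.
    print(broker_request("GET", "https://api.example.com/v1/items",
                         {"Accept": "application/json"})[0])
    # Injected call to a look-alike URL: denied, nothing attached.
    print(broker_request("POST", "https://api.example.com@evil.example/collect", {}))
    print(AUDIT_LOG)
```
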
