Information-Flow Control (IFC)
Quick Answer
Information-flow control (IFC) is a security model that labels data with confidentiality and integrity metadata at its source and enforces deterministic policies on how labeled data may flow to sinks. Where access control asks whether a principal may touch a resource, IFC asks whether data originating in one place may reach another. In agent security, IFC constrains how untrusted text in an LLM's context can influence tool calls or move sensitive data to public outputs.
Information-Flow Control (IFC)
Information-flow control (IFC) is a security model that attaches confidentiality labels (how secret data is) and integrity labels (how trusted its source is) to every piece of data at ingress, then enforces deterministic policies on flows from labeled sources to sinks. It originated in operating-systems and language-based security research and has been adapted to LLM agent runtimes, where the planner's context unavoidably mixes trusted instructions with untrusted retrieved text. The defining contrast with access control: access control asks whether a principal may touch a resource; IFC asks whether data originating here may flow to there.
Without IFC enforcement, an agent's planner can be steered by attacker-controlled text into routing high-confidentiality data to a public sink — the lethal-trifecta failure mode that motivates agent-IFC research.
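The label-then-check model described above, as an added example that is not code from this page or from any particular agent runtime. The two-level labels, the sink names, the sample data and the conservative rule that a tool call inherits the joined label of everything in the planner's context are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Conf(IntEnum):    # confidentiality: higher = more secret
    PUBLIC = 0
    SECRET = 1

class Integ(IntEnum):   # integrity: higher = more trusted source
    UNTRUSTED = 0
    TRUSTED = 1

@dataclass(frozen=True)
class Label:
    conf: Conf
    integ: Integ
    def join(self, other):
        # Mixed data is as secret as its most secret input
        # and only as trusted as its least trusted input.
        return Label(max(self.conf, other.conf), min(self.integ, other.integ))

@dataclass(frozen=True)
class Labeled:          # a piece of data, labeled once at ingress
    value: str
    label: Label

@dataclass(frozen=True)
class Sink:             # hypothetical tool or output channel
    name: str
    max_conf: Conf      # most secret data the sink may receive
    min_integ: Integ    # least trusted data allowed to influence the call

def context_label(items):
    label = Label(Conf.PUBLIC, Integ.TRUSTED)   # identity element for join
    for item in items:
        label = label.join(item.label)
    return label

def may_flow(label, sink):
    # Deterministic policy: no model judgment is involved in the decision.
    return label.conf <= sink.max_conf and label.integ >= sink.min_integ

def call_tool(sink, context):
    label = context_label(context)
    if not may_flow(label, sink):
        raise PermissionError(f"flow to {sink.name} denied for {label}")
    return f"{sink.name} called"

# Constructed sample data and sinks (assumptions, not from the page).
INSTRUCTION = Labeled("summarize the ticket", Label(Conf.PUBLIC, Integ.TRUSTED))
WEB_PAGE = Labeled("retrieved page text", Label(Conf.PUBLIC, Integ.UNTRUSTED))
RECORD = Labeled("customer record", Label(Conf.SECRET, Integ.TRUSTED))
POST_PUBLIC = Sink("post_public", Conf.PUBLIC, Integ.TRUSTED)
INTERNAL_NOTES = Sink("internal_notes", Conf.SECRET, Integ.UNTRUSTED)
```

Once untrusted retrieved text and a secret record share the context, the joined label blocks the public sink on both the confidentiality and the integrity check, regardless of what the planner was told to do.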
See also
- Indirect prompt injection — the attack class that motivates IFC in agents
- Tool hijacking — what IFC constrains by labeling untrusted inputs
- What is indirect prompt injection? — parent explainer covering IFC as a structural defense