Unsafe AI Output Handling

Exploit an AI whose outputs flow unchecked into live systems.

What You'll Learn in Unsafe AI Output Handling

Unsafe AI Output Handling — Training Steps

  1. A New AI Feature to Test

    Today, the Natural Language Query (NLQ) API feature is ready for internal testing before it ships to production. The NLQ API uses an AI model to convert plain English questions into SQL queries - business users type a question, the AI writes the SQL, and the API returns the results.

  2. Email from the Tech Lead

    Alice receives an email from her tech lead James Park, letting her know the NLQ API endpoint is deployed to the staging environment and ready for testing.

  3. Opening the API Tester

    Alice opens the API Tester tool to start sending requests to the NLQ endpoint. This is a standard part of her workflow for testing new API features before they go live.

  4. A Simple Test Query

    Alice starts with a straightforward query to make sure the API is working. The NLQ endpoint accepts GET requests with a query parameter containing the natural language question.

  5. The API Response

    The API responded with five customer records matching the query. The response looks normal.

  6. The Generated SQL

    The SQL Query Analysis panel shows exactly what the AI generated from the natural language input. This is the query that was executed against the database.

  7. The Data Flow

    The chain visualization shows how data flows from the user's natural language question all the way to the database result.

  8. Testing with a Malicious Input

    Alice decides to test the API's resilience. What if a user includes SQL injection syntax in their natural language query? A well-built system should either reject the input or sanitize it. She crafts a query parameter that embeds a DROP TABLE command inside the natural language prompt.

  9. The Damage in the Response

    The response came back, but something is very wrong. Look at the response body closely.

  10. The Injected SQL

    The SQL panel reveals exactly what the AI generated. The injection payload was faithfully translated into executable SQL.
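As an added example (not code from the lab or its NLQ service), the Python below shows the output-side control the scenario's endpoint lacks: model-generated SQL is treated as untrusted text, gated to a single SELECT, and executed on a connection whose SQLite authorizer denies everything except reads of an allowlisted table, so a DROP TABLE that survives the text gate still fails inside the database. The `customers` and `users` tables and the "generated SQL" strings are constructed stand-ins.

```python
import re
import sqlite3

# Tables the NLQ feature is permitted to read (assumption for the example).
ALLOWED_TABLES = {"customers"}


def _read_only_authorizer(action, arg1, arg2, db_name, trigger):
    """SQLite calls this for every operation while a statement is compiled.
    Only SELECT, function calls and reads of allowlisted tables are permitted;
    DROP, DELETE, INSERT, ATTACH, PRAGMA and reads of other tables are denied."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 in ALLOWED_TABLES:  # arg1 = table
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def nlq_connection():
    """Constructed in-memory stand-in for the staging database, returned with
    the read-only authorizer already installed for the NLQ path."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT, city TEXT);"
        "CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);"
        "INSERT INTO customers(name, city) VALUES "
        "('Ann','Austin'),('Bob','Boston'),('Cy','Austin');"
    )
    conn.set_authorizer(_read_only_authorizer)
    return conn


def run_generated_sql(conn, generated_sql):
    """Execute model output as untrusted input: a syntactic gate first, then the
    database-level authorizer as the backstop. Returns rows or raises ValueError."""
    sql = generated_sql.strip().rstrip(";").strip()
    if not re.match(r"select\b", sql, re.IGNORECASE):
        raise ValueError("rejected: generated SQL is not a SELECT")
    if ";" in sql:  # conservative: also rejects string literals containing ';'
        raise ValueError("rejected: more than one statement")
    try:
        return conn.execute(sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:  # e.g. "not authorized"
        raise ValueError(f"rejected by database: {exc}") from exc


def is_rejected(conn, generated_sql):
    """True if the generated SQL was refused by either layer."""
    try:
        run_generated_sql(conn, generated_sql)
        return False
    except ValueError:
        return True
```

The authorizer is deliberately the last line of defence: the text gate is easy to slip past with an unexpected dialect feature, whereas the database itself refuses to compile a write or an out-of-scope read.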