AI Agent Sent Data to External Server: Response and Prevention
If your AI agent sent data to an external server — whether through an HTTP request, a webhook call, or a network connection you did not authorize — this is a data exfiltration incident that requires immediate response. SafeClaw by Authensor prevents this by blocking all outbound network requests by default, requiring explicit allow rules for every domain and endpoint an agent can contact. If the exfiltration has already occurred, follow the response steps below.
Immediate Incident Response
1. Stop the Agent Immediately
Terminate the agent process to prevent further data transmission.
2. Identify What Data Was Sent
Review the SafeClaw audit log if it was installed:
npx @authensor/safeclaw audit --filter "action:network" --last 50
If SafeClaw was not installed, check your network logs, proxy logs, or firewall logs for outbound requests made by the agent's process.
Key questions to answer:
- What endpoint received the data?
- What data was included in the request (headers, body, query parameters)?
- Was the data sensitive (API keys, user data, source code, credentials)?
- How many requests were made?
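When SafeClaw was not installed and you are left with proxy logs, the step-2 questions can be answered mechanically. The script below is an added example, not SafeClaw tooling: it runs over constructed proxy-log lines (the format, the allowlist and the sensitive-field indicators are assumptions) and reports, per destination host, the request count, whether the host was expected, whether plaintext HTTP was used, and which sensitive fields appeared in request bodies.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy-log lines (not real traffic): timestamp, method, URL, body.
LOG_LINES = [
    "2024-05-01T10:00:01Z POST https://api.your-company.com/v1/tasks body=task=summarize",
    "2024-05-01T10:00:07Z POST https://webhook.site/1a2b3c body=api_key=sk_live_EXAMPLE&user=alice",
    "2024-05-01T10:00:09Z GET https://registry.npmjs.org/left-pad body=",
    "2024-05-01T10:00:12Z POST https://webhook.site/1a2b3c body=source=def main(): pass",
    "2024-05-01T10:00:15Z POST http://203.0.113.9/upload body=password=hunter2",
]

# Hosts the agent is expected to contact (assumed); anything else is unexpected egress.
ALLOWED_HOSTS = {"api.your-company.com", "registry.npmjs.org"}

# Field names that indicate a body carried sensitive material (assumed list).
SENSITIVE = re.compile(r"(api_key|password|secret|token)=", re.IGNORECASE)
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) body=(.*)$")


def parse_line(line):
    """Split one constructed log line into (timestamp, method, url, body), or None."""
    m = LINE_RE.match(line)
    return m.groups() if m else None


def triage(lines, allowed_hosts=ALLOWED_HOSTS):
    """Per destination host: request count, allowlist status, plaintext use,
    and the set of sensitive field names seen in any request body."""
    report = defaultdict(lambda: {"requests": 0, "allowed": True,
                                  "plaintext": False, "sensitive_fields": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        _ts, _method, url, body = parsed
        u = urlparse(url)
        entry = report[u.hostname]
        entry["requests"] += 1
        entry["allowed"] = u.hostname in allowed_hosts
        entry["plaintext"] |= u.scheme == "http"
        entry["sensitive_fields"].update(f.lower() for f in SENSITIVE.findall(body))
    return dict(report)


def exfil_suspects(report):
    """Hosts needing containment: off the allowlist and received sensitive fields."""
    return sorted(h for h, e in report.items() if not e["allowed"] and e["sensitive_fields"])
```

The hosts returned by exfil_suspects are the ones to block at the firewall and whose received credentials must be rotated first.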
3. Assess the Impact
Low impact: The agent called a public API it was supposed to use, just with unexpected data.
Medium impact: The agent sent source code or internal documentation to a third-party service.
High impact: The agent transmitted credentials, API keys, personal data, or customer information to an unknown endpoint.
4. Take Containment Actions
- Rotate any exposed credentials immediately.
- Notify affected parties if personal data was transmitted (GDPR, CCPA requirements may apply).
- Block the external endpoint at the network/firewall level.
- Preserve the audit log for investigation — SafeClaw's hash-chained logs are tamper-evident, so any later modification of an entry is detectable.
- Contact the external service to request data deletion if possible.
Install SafeClaw and Block Unauthorized Network Access
npx @authensor/safeclaw
Configure Network Egress Controls
SafeClaw's deny-by-default model blocks all network requests unless explicitly allowed. Configure your safeclaw.policy.yaml:
rules:
  # Block all network requests by default (this is implicit with deny-by-default)
  # Then allow only specific, trusted endpoints:
  - action: network.request
    resource: "https://api.your-company.com/**"
    effect: allow
    reason: "Agent calls internal API only"
  - action: network.request
    resource: "https://registry.npmjs.org/**"
    effect: allow
    reason: "Agent can check npm packages"
  # Explicitly deny known risky destinations
  - action: network.request
    resource: "http://**"
    effect: deny
    reason: "No unencrypted HTTP traffic"
  - action: network.request
    resource: "https://*.pastebin.com/**"
    effect: deny
    reason: "Block paste services"
  - action: network.request
    resource: "https://webhook.site/**"
    effect: deny
    reason: "Block webhook testing services"
Block Data in Request Bodies
For allowed endpoints, you can restrict what data can be included:
rules:
  - action: network.request
    resource: "https://api.your-company.com/**"
    effect: allow
    deny_body_patterns:
      - "password"
      - "secret"
      - "api_key"
      - "token"
    reason: "Internal API calls without sensitive data"
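To make the semantics of the two policies above concrete, here is an added example (not SafeClaw's engine) of a small evaluator over the same rules expressed as Python dicts. The glob rules (`**` crosses `/`, `*` does not), the precedence of an explicit deny over any allow, and a body-pattern hit turning an allow into a deny are assumptions about how such a policy is evaluated; the deny-by-default fallback is the behaviour the page describes.

```python
import re

# The rules from safeclaw.policy.yaml above, as Python dicts.
RULES = [
    {"action": "network.request", "resource": "https://api.your-company.com/**",
     "effect": "allow", "reason": "Agent calls internal API only",
     "deny_body_patterns": ["password", "secret", "api_key", "token"]},
    {"action": "network.request", "resource": "https://registry.npmjs.org/**",
     "effect": "allow", "reason": "Agent can check npm packages"},
    {"action": "network.request", "resource": "http://**",
     "effect": "deny", "reason": "No unencrypted HTTP traffic"},
    {"action": "network.request", "resource": "https://*.pastebin.com/**",
     "effect": "deny", "reason": "Block paste services"},
]


def glob_to_regex(pattern):
    """Assumed glob syntax: '**' matches anything including '/'; '*' stops at '/'."""
    out = ""
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out += ".*"
            i += 2
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")


def evaluate(action, resource, body="", rules=RULES):
    """Return (effect, reason) for one request under deny-by-default."""
    matching = [r for r in rules
                if r["action"] == action and glob_to_regex(r["resource"]).match(resource)]
    for r in matching:                      # an explicit deny always wins
        if r["effect"] == "deny":
            return "deny", r["reason"]
    for r in matching:                      # only allow rules remain here
        hits = [p for p in r.get("deny_body_patterns", []) if p.lower() in body.lower()]
        if hits:
            return "deny", f"body matched deny_body_patterns {hits}"
        return "allow", r["reason"]
    return "deny", "deny-by-default: no rule allows this resource"
```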
Block DNS Resolution for Untrusted Domains
rules:
  - action: network.dns
    resource: "*"
    effect: deny
    reason: "DNS resolution blocked by default"
  - action: network.dns
    resource: "*.your-company.com"
    effect: allow
    reason: "Resolve internal domains only"
Troubleshooting Scenarios
Agent sent source code to an AI API: This happens when agents call external AI services for sub-tasks. If you want to prevent this, deny network access to AI provider endpoints that you have not authorized.
Agent posted data to a logging service: The agent may have been configured to log to an external service. Block all logging endpoints except your approved ones.
Agent made requests to unknown IP addresses: This could indicate prompt injection or a compromised tool. Block all non-domain requests:
rules:
  - action: network.request
    resource: "https://\\d+\\.\\d+\\.\\d+\\.\\d+/**"
    effect: deny
    reason: "Block direct IP access"
Agent used curl or wget via shell: Network gating must also cover shell commands:
rules:
  - action: shell.exec
    resource: "curl *"
    effect: deny
    reason: "Block curl for network exfiltration prevention"
  - action: shell.exec
    resource: "wget *"
    effect: deny
    reason: "Block wget for network exfiltration prevention"
Prevention
Data exfiltration is one of the highest-risk AI agent failures. SafeClaw's deny-by-default network gating, validated by 446 tests across Claude and OpenAI integrations, ensures agents cannot contact any external service you have not explicitly approved. MIT licensed, zero cloud dependency, fully local enforcement.
- Block all network by default — this is automatic with SafeClaw.
- Allowlist only specific, necessary endpoints.
- Block shell-based network tools (curl, wget, nc).
- Review audit logs for any network activity after agent sessions.
- Rotate credentials preemptively if you suspect any exposure.
Try SafeClaw
Action-level gating for AI agents. Set it up in your browser in 60 seconds.
$ npx @authensor/safeclaw