Plugin & Extension Security for AI: Complete Guide | Quiz
By Eyal Doron / December 6, 2025

Question 1 of 7. According to the article, why is the misconception that plugins "just read data" and are therefore harmless dangerous?
1. Reading data requires special permissions that are never granted
2. Many plugins have write and execute capabilities, and even read-only plugins can exfiltrate data
3. All plugins are strictly read-only by default
4. Data exfiltration is impossible through plugin architecture

Correct answer: 2
Why: Many plugins have write and execute capabilities, and even read-only plugins can exfiltrate sensitive data; read access to the wrong data is still a breach.
Context: The assumption that reading is harmless ignores both hidden capabilities and data sensitivity.
Remember: Read access to secrets is still a breach.

Question 2 of 7. What guidance does the article give for Anthropic Claude MCP security?
1. Host MCP servers internally, authenticate via mTLS or API keys, and monitor for unusual tool sequences
2. Use only public MCP endpoints for convenience
3. Allow all MCP tools without restriction
4. Disable MCP entirely, as it cannot be secured

Correct answer: 1
Why: The article recommends hosting MCP servers internally, authenticating calls via mTLS or API keys, and monitoring for unusual tool sequences.
Context: Local MCP servers have file system access to the host machine, making careful implementation review essential.
Remember: Internal hosting, strong auth, watch for anomalies.

Question 3 of 7. What does OWASP recommend regarding how plugins should be treated?
1. Disable all plugins by default with no exceptions
2. Only use plugins developed in-house
3. Treat plugins as untrusted, with strict input validation and least privilege
4. Trust all plugins from official marketplaces

Correct answer: 3
Why: OWASP recommends treating plugins as untrusted while implementing strict input validation and applying least privilege.
Context: This defensive posture acknowledges that plugins may be malicious or vulnerable and limits the potential damage.
Remember: Untrusted until proven otherwise.

Question 4 of 7. How can prompt injection lead to plugin abuse, according to the article?
1. Plugins are immune to prompt injection attacks
2. Hidden instructions in content cause the AI to misuse legitimate plugins for unintended actions
3. Prompt injection only affects the AI's response text, not plugin behavior
4. Prompt injection requires physical access to the plugin server

Correct answer: 2
Why: An attacker includes hidden instructions in content the AI processes, causing the AI to use plugins in unintended ways, such as deleting files or sending data to attacker URLs.
Context: The plugin itself may be legitimate; the attack exploits the AI's role as decision-maker.
Remember: Injected prompts make good plugins do bad things.

Question 5 of 7. What are the three main plugin threat vectors identified in the article?
1. Authentication, authorization, accounting
2. Network attacks, application attacks, physical attacks
3. Encryption, hashing, tokenization
4. Malicious plugins, compromised plugins, and plugins exploited via prompt injection

Correct answer: 4
Why: The article identifies plugins that can be the attacker (malicious), the victim (compromised), or the weapon (exploited via prompt injection).
Context: Defense must address all three vectors, because each requires different security controls.
Remember: Malicious, Compromised, Exploited.

Question 6 of 7. What makes AI plugin security fundamentally different from traditional integrations?
1. Traditional integrations cannot connect to external systems
2. The AI makes decisions about which plugins to call, rather than humans explicitly choosing actions
3. AI plugins require more bandwidth than traditional integrations
4. Traditional integrations are always less secure than AI plugins

Correct answer: 2
Why: With AI plugins, the AI chooses which actions to take rather than humans explicitly choosing, and the AI can be manipulated through prompt injection.
Context: This decision flow creates unique risk, because attackers can influence the AI's interpretation to trigger unintended plugin actions.
Remember: The AI decides, and the AI can be manipulated.

Question 7 of 7. According to the article, what analogy best describes the security risk of AI plugins?
1. Installing antivirus software on multiple computers
2. Building a firewall around your network perimeter
3. Creating backup copies of important documents
4. Giving your AI keys to different rooms in your building, where each key could be misused

Correct answer: 4
Why: The article describes plugins as giving your AI assistant keys to different rooms in your building, where each key could be misused.
Context: This analogy illustrates that every plugin grants access to systems and data that could be exploited if the AI is manipulated or the plugin is malicious.
Remember: Every plugin is a key that could end up in the wrong hands.