SAF-M-7: Content Rendering Parity

June 1, 2026 · View on GitHub

Overview

Mitigation ID: SAF-M-7
Category: UI Security
Effectiveness: Medium-High
Implementation Complexity: Low
First Published: 2025-01-03

Content Rendering Parity ensures that what users see in the UI exactly matches what is sent to the LLM for all types of content (tool descriptions, tool outputs, error messages, and other data). This prevents attacks that exploit differences between displayed and processed content, including hidden instructions in tool outputs or visual deception techniques.

Mitigates

SAF-T1001: Tool Poisoning Attack (TPA)
SAF-T1102: Prompt Injection (Multiple Vectors)
SAF-T1401: Line Jumping
SAF-T1402: Instruction Steganography

Technical Implementation

[TO BE COMPLETED]

References

UI Security Best Practices

SAF-M-8: Visual Validation
SAF-M-4: Unicode Sanitization and Filtering

Version History

Version	Date	Changes	Author
0.1	2025-01-03	Initial stub	Frederick Kautz
0.2	2025-01-09	Generalized to cover all content types, not just descriptions	Frederick Kautz

Overview

Description

Mitigates

Technical Implementation

References

Related Mitigations

Version History