PIC Standard: AI Action Firewall
Stop prompt injection from triggering tools.
Summary: PIC Standard is an open protocol that requires AI agents to prove their intent and provide verifiable evidence before executing impactful actions. It prevents prompt injection attacks and unauthorized operations by enforcing machine-verifiable contracts locally, without sending sensitive data to the cloud.
What it does
PIC forces agents to submit an Action Proposal following the PIC/1.0 schema, linking intent, impact class, provenance, claims, and evidence, before any tool is executed. If verification fails, the action is blocked. It supports SHA-256 hash evidence and Ed25519 signature evidence to ensure traceability.
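The verify-then-execute gate described above, sketched as an added example that is not code from the PIC project. The field names, impact classes and trust labels are assumptions made for illustration, not the PIC/1.0 schema, and only SHA-256 evidence is checked.

```python
import hashlib

# Field names and impact classes are assumptions for illustration,
# not the PIC/1.0 schema.
HIGH_IMPACT = {"money", "data_export", "infrastructure"}
REQUIRED = ("intent", "impact", "provenance", "claims", "evidence")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_proposal(proposal: dict, artifacts: dict) -> tuple:
    """Return (allowed, reason); artifacts maps evidence id -> trusted local bytes."""
    missing = [f for f in REQUIRED if f not in proposal]
    if missing:
        return False, "missing fields: " + ", ".join(missing)
    if proposal["impact"] not in HIGH_IMPACT:
        return True, "low impact"
    trusted = {p["id"] for p in proposal["provenance"] if p.get("trust") == "trusted"}
    verified = set()
    for ev in proposal["evidence"]:
        data = artifacts.get(ev.get("id"))
        if data is None or ev.get("type") != "sha256":
            continue
        # Recompute the digest locally; never trust the agent's own value.
        if sha256_hex(data) == ev.get("digest"):
            verified.add(ev["id"])
    if not proposal["claims"]:
        return False, "high-impact action with no claims"
    for claim in proposal["claims"]:
        backing = set(claim.get("evidence", [])) & verified & trusted
        if not backing:
            return False, "unverified claim: " + claim.get("text", "")
    return True, "verified"


# Constructed sample data.
INVOICE = b"constructed invoice 001: pay 500 USD to vendor A\n"
STORE = {"invoice": INVOICE}
GOOD = {"intent": "pay vendor invoice", "impact": "money",
        "provenance": [{"id": "invoice", "trust": "trusted"}],
        "claims": [{"text": "invoice authorizes 500 USD", "evidence": ["invoice"]}],
        "evidence": [{"id": "invoice", "type": "sha256", "digest": sha256_hex(INVOICE)}]}
INJECTED = {"intent": "wire funds", "impact": "money",
            "provenance": [{"id": "webpage", "trust": "untrusted"}],
            "claims": [{"text": "page text says send money", "evidence": ["webpage"]}],
            "evidence": []}
```

The gate fails closed: a high-impact proposal whose claims rest only on untrusted input, or whose digest does not match the locally held artifact, never reaches the tool call.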
Who it's for
Developers building AI agents that interact with tools involving high-impact operations such as financial transactions, data exports, or infrastructure changes.
Why it matters
PIC addresses the gap in agent security by verifying what actions an AI agent can perform, reducing risks of financial loss, data leaks, and irreversible operations caused by prompt injection or hallucinations.