I may be wrong but I have been building Agents in Zapiers Agent builder and i have noticed that the Web Search tool is included in the default toolset with the inability to turn it off. I see this as an extreme security risk because Agents are susceptible to prompt injection attacks, these same Agents are also given tools, private integrations used to access data and take actions within our apps. And simply putting “DO NOT USE WEBSEARCH” is not sufficient because websearch is in the toolset. If met with prompt injection these Agents could send private information to attackers. Zapier needs to add guardrails to its Agent builder, and we need to be able to turn off web search. People using Agents to sell to business, if data you hold for a business gets out you are completely liable btw.
Security risks of using Web Search in Zapier's Agent builder
+11- Community Manager
Hi there
Thanks so much for flagging this! I can see that you also reached out to our Support team and they put in a feature request for the ability to disable the WebSearch tool and our engineers confirmed that we have guardrails in place to detect prompt injections. Wanted to share the key details from Support’s reply here in case it’s helpful to others coming across this in the future:
We already have guardrails in place that detect prompt injection attempts in agent inputs and prevent the agent from executing when such attacks are identified. This protects against the scenario you described, where malicious inputs could access WebSearch or other tools.
So while it’s not currently possible to disable the Web Search tool, there are protections against prompt-injection attacks in place.
Hope that helps. If there’s anything else I can assist with just let me know! 🙂
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.