Summary
There is an unresolved TODO in AIChatService.cs to implement UserSecurityContext — the Azure/Microsoft Defender for Cloud mechanism that forwards end-user identity to Azure OpenAI for prompt shield evaluation and threat detection. Without it, Microsoft Defender for Cloud has no visibility into who is sending prompts, making prompt-shield and abuse-detection features ineffective.
Affected Code
EssentialCSharp.Chat.Shared/Services/AIChatService.cs, line 396:
// TODO: Look into using UserSecurityContext (https://learn.microsoft.com/en-us/azure/defender-for-cloud/gain-end-user-context-ai)
No UserDetails or equivalent context is currently set on ResponseCreationOptions.
Risk
OWASP AI Agent Security — §6 Monitoring & Observability / §2 Prompt Injection Defense
- Prompt Shield (Azure AI Content Safety) can block direct and indirect prompt injection attempts, but requires
UserSecurityContext to be passed so it can correlate and track per-user threat patterns.
- Without user context, Azure Defender for Cloud cannot generate meaningful alerts or per-user anomaly signals.
- Abuse patterns (e.g., a single user repeatedly probing for jailbreaks) are invisible to the platform-level defenses.
Recommended Implementation
Pass user identity context when creating the response:
// In CreateResponseOptionsAsync, accept userId and set it on options
#pragma warning disable OPENAI001
options.EndUserDetails = new OpenAI.EndUserDetails(endUserId)
{
// Optionally add hashed identifier for privacy
};
#pragma warning restore OPENAI001Propagate the authenticated user's ID from ChatController down to AIChatService.GetChatCompletion:
// ChatController.cs
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
var (response, responseId) = await _AiChatService.GetChatCompletion(
prompt: request.Message,
endUserId: userId, // new parameter
...);References
Summary
There is an unresolved
TODOinAIChatService.csto implementUserSecurityContext— the Azure/Microsoft Defender for Cloud mechanism that forwards end-user identity to Azure OpenAI for prompt shield evaluation and threat detection. Without it, Microsoft Defender for Cloud has no visibility into who is sending prompts, making prompt-shield and abuse-detection features ineffective.Affected Code
EssentialCSharp.Chat.Shared/Services/AIChatService.cs, line 396:// TODO: Look into using UserSecurityContext (https://learn.microsoft.com/en-us/azure/defender-for-cloud/gain-end-user-context-ai)No
UserDetailsor equivalent context is currently set onResponseCreationOptions.Risk
OWASP AI Agent Security — §6 Monitoring & Observability / §2 Prompt Injection Defense
UserSecurityContextto be passed so it can correlate and track per-user threat patterns.Recommended Implementation
Pass user identity context when creating the response:
Propagate the authenticated user's ID from
ChatControllerdown toAIChatService.GetChatCompletion:References