Get your free personalized podcast brief
We scan new podcasts and send you the top 5 insights daily.
Standard agent security (allow/disallow tools) is too blunt. Databricks' Omnigens uses stateful, "contextual policies" that track an agent's session history. For example, it might block publishing to a website *if* the agent previously accessed a confidential document in the same session, preventing data leaks.
Related Insights
To manage security risks, treat AI agents like new employees. Provide them with their own isolated environment—separate accounts, scoped API keys, and dedicated hardware. This prevents accidental or malicious access to your personal or sensitive company data.
Frameworks from firms like KPMG and AWS emphasize that AI agents must be treated as entities with identities and permissions. A strong IAM foundation is a critical control layer to prevent agents from accessing or unintentionally leaking sensitive information, reflecting a broader shift to treat agents like any other privileged user in an IT ecosystem.
A real-world example shows an agent correctly denying a request for a specific company's data but leaking other firms' data on a generic prompt. This highlights that agent security isn't about blocking bad prompts, but about solving the deep, contextual authorization problem of who is using what agent to access what tool.
Standard Role-Based Access Control (RBAC) is inadequate for dynamic AI agents. Cisco advocates for 'T-back': Tool, Task, and Transaction-based access control. This model grants agents ephemeral, minimum-necessary privileges only for a specific action, significantly enhancing security in autonomous systems.
To use AI agents securely, avoid granting them full access to your sensitive data. Instead, create a separate, partitioned environment—like its own email or file storage account. You can then collaborate by sharing specific information on a task-by-task basis, just as you would with a new human colleague.
Traditional security tools like identity management or API firewalls are ineffective for securing AI agents. They can see an action (e.g., deleting a database) but lack the context to know if it was an intended, productive task or a catastrophic error, rendering them useless for this new paradigm.
A critical hurdle for enterprise AI is managing context and permissions. Just as people silo work friends from personal friends, AI systems must prevent sensitive information from one context (e.g., CEO chats) from leaking into another (e.g., company-wide queries). This complex data siloing is a core, unsolved product problem.
A single AI agent can provide personalized and secure responses by dynamically adopting the data access permissions of the person querying it. This ensures users only see data they are authorized to view, maintaining granular governance without separate agent instances.
Instead of simply blocking unexpected agent behavior, Eve Security's platform actively questions the agent to understand its intent. This 'interrogation' process cross-references the agent's answers with other systems to determine if a new behavior is legitimate or malicious, enabling more nuanced control.
The focus of agent security is shifting from traditional identity and access management (IAM) to governing what an agent *does* with its permissions. Granting an agent access is necessary, but the real challenge is controlling the near-infinite permutations of actions it might take with that access.