Anshu Gupta - Agentic AI Security - What you need to know?

​Speaker - Anshu Gupta

​Defining the "Agentic" Attack Surface

• ​Concept: moving from "Output" (GenAI) to "Action" (Agents).

• ​Architecture breakdown: Understanding the "Cognitive Loop" (Perception $\rightarrow$ Planning $\rightarrow$ Action $\rightarrow$ Memory) and where vulnerabilities hide in each stage.

​Threat Landscape: When Prompts Become Payloads

• ​Deep dive: Indirect Prompt Injection (how reading a malicious website can hijack an agent).

• ​Real-world scenarios: Data exfiltration via API calls, unauthorized purchases, and "confused deputy" attacks where agents are tricked into misusing their permissions.

​The OWASP Top 10 for LLMs (Agent Edition)

​Focusing on the risks specific to autonomy:

• ​LLM06: Excessive Agency: Granting agents too much power or vague permissions.

• ​LLM07: Insecure Plugin Design: Vulnerabilities in the tools the agent connects to (e.g., SQL databases, email clients).

​Zero Trust for Agents: Identity & Access Management

• ​Treating agents as non-human identities.

• ​Strategies for Just-in-Time (JIT) access and scoping OAuth tokens strictly to the task at hand (e.g., "Read Email" vs. "Send Email").

​"Hooking Before Hacking": Monitoring & Observability

• ​Why traditional WAFs (Web Application Firewalls) fail against semantic attacks.

• ​Implementing "Thought Monitoring"—analyzing the agent's Chain of Thought (CoT) for malicious intent before it executes a tool call.

​Defensive Architectures & Guardrails

• ​Human-in-the-loop (HITL): requiring approval for high-stakes actions (e.g., transferring funds, deleting files).

• ​Sandboxing: executing agent-generated code in ephemeral, isolated environments (e.g., Firecracker microVMs or Docker containers).

​Governance & The Future of Multi-Agent Systems

• ​Managing "Swarm" risks: what happens when multiple agents with different instructions conflict?

• ​Essential policy checklist for deploying autonomous agents in the enterprise.