Agentic AI Security
Agentic AI introduces temporal, operational, and permission-bound risks because the system can reason, remember, call tools, and act over time.
Overview
Agentic systems are different from one-shot assistants. They keep state, decompose tasks, interact with tools, and may execute multi-step plans. This makes the security problem fundamentally operational.
Threat model
Key threats include prompt-chain compromise, malicious tool outputs, unsafe memory persistence, privilege escalation through plugins, action drift across long horizons, and weak human oversight.
Countermeasures
Useful defenses include permission boundaries, memory hygiene, tool sandboxing, policy engines, scoped delegation, runtime monitors, and explicit human approval for sensitive actions.
Open challenges
A central challenge is defining safe autonomy boundaries. Agentic systems need to remain useful and efficient while avoiding silent failure, unsafe execution, or exploit chains that build up over multiple steps.