Agent Security
Synopsis
Agent security covers the controls that keep autonomous or semi-autonomous AI systems within trusted boundaries. It includes authentication, authorization, tool permissions, sandboxing, prompt-injection resistance, secret handling, audit logs, data-boundary enforcement, and recovery paths when an agent behaves unexpectedly.
Origin And Context
It combines application security, cloud IAM, browser and plugin sandboxing, supply-chain security, and adversarial ML. Tool-using agents raise the stakes because natural-language inputs can influence systems that touch files, APIs, payments, infrastructure, or private data.
Why It Matters
Agents convert text into action. That makes ordinary content, retrieved documents, web pages, or UI state part of the attack surface. Security is what lets teams give agents useful tools without handing them unlimited authority.
How To Use It
Use least-privilege tool scopes, explicit approval gates for high-risk actions, isolated execution environments, secret redaction, provenance checks, and audit trails. Treat retrieved content as untrusted input, test prompt-injection cases, and design rollback paths for destructive operations.
Where It Is Useful
Agent security matters in coding agents, MCP servers, browser agents, enterprise assistants, finance and compliance workflows, internal operations tools, and any system connected to privileged APIs or private data.
When To Use It
Apply strong controls whenever an agent can read sensitive data, write state, call external APIs, spend money, deploy code, or influence another system. Lower-risk chat-only agents still need data handling and logging rules.
Active Use Cases
- Permission-gated tool execution for enterprise agents.
- Sandboxed coding and browser automation.
- Prompt-injection and data-exfiltration testing for retrieval agents.
- Audit logs for regulated or high-trust agent workflows.
Related Slide Decks
- youtube aHhB3sjGjkI slides — Agents Building Agents - Alfonso Graziano, Nearform (24 extracted slide frames)
- youtube jVjt 2g8NMY slides — A Genius With Amnesia - Victor Savkin, Nx (19 extracted slide frames)
Related Scheduled Sessions
- 2026 06 29 lovina dmello your llm stack is a 2008 database with better marketing why ml security is dominated by misconfiguration not missing features — Your LLM Stack Is a 2008 Database With Better Marketing: Why ML Security Is Dominated by Misconfiguration, Not Missing Features; Lovina Dmello (Day 2 — Session Day 1 · 11:10am-11:30am · Security; official schedule)
- 2026 06 29 steve yegge agentic security permissions provenance and the agent supply chain — Agentic Security: Permissions, Provenance, and the Agent Supply Chain; Steve Yegge (Day 2 — Session Day 1 · 2:25pm-2:45pm · Security; official schedule)
- 2026 06 30 robert brennan sandboxes aren t optional runtime isolation patterns for coding agents at scale — Sandboxes Aren't Optional: Runtime Isolation Patterns for Coding Agents at Scale; Robert Brennan (Day 3 — Session Day 2 · 3:20pm-3:40pm · Sandbox & Platform Engineering; official schedule)
- 2026 06 30 samuel colvin your agent needs a sandbox not a desert — Your agent needs a sandbox, not a desert; Samuel Colvin (Day 3 — Session Day 2 · 12:05pm-12:25pm · Sandbox & Platform Engineering; official schedule)
- 2026 06 30 ivan burazin kubernetes is not your sandbox — Kubernetes Is Not Your Sandbox; Ivan Burazin (Day 3 — Session Day 2 · 11:40am-12:00pm · Sandbox & Platform Engineering; official schedule)
- 2026 06 30 abhishek bhardwaj from fork to fleet designing an agent sandbox cloud pt 1 — From fork() to Fleet: Designing an Agent Sandbox Cloud Pt 1; Abhishek Bhardwaj (Day 3 — Session Day 2 · 1:30pm-1:50pm · Sandbox & Platform Engineering; official schedule)
- 2026 06 30 abhishek bhardwaj from fork to fleet designing an agent sandbox cloud pt2 — From fork() to Fleet: Designing an Agent Sandbox Cloud Pt2; Abhishek Bhardwaj (Day 3 — Session Day 2 · 1:55pm-2:15pm · Sandbox & Platform Engineering; official schedule)
- 2026 06 30 kevin orellana 1 000 agent tasks in a sandbox what breaks when llms write and run code — 1,000 Agent Tasks in a Sandbox: What Breaks When LLMs Write and Run Code; Kevin Orellana (Day 3 — Session Day 2 · 2:25pm-2:45pm · Sandbox & Platform Engineering; official schedule)
- 2026 06 29 bereket habtemeskel agent auth — Agent Auth; Bereket Habtemeskel, Paola Estefania (Day 1 — Workshop Day · 4:30pm-5:30pm · Workshops Day 1; official schedule)
- 2026 07 01 jay mok your agent just authorized what — Your Agent Just Authorized What?!; Jay Mok (Day 4 — Session Day 3 · 2:50pm-3:10pm · Agentic Commerce; official schedule)
- 2026 06 29 manoj nair through the ai fog the architectural decision the next 24 months of agentic security depends on — Through the AI Fog: The architectural decision the next 24 months of agentic security depends on.; Manoj Nair (Day 2 — Session Day 1 · 10:45am-11:05am · Security; official schedule)
- 2026 06 29 ezra tanzer agentic development security — Agentic Development Security; Ezra Tanzer (Day 2 — Session Day 1 · 12:05pm-12:25pm · Security; official schedule)
- 2026 07 01 michael grinich auth for agents unblock autonomous ai with auth md — Auth for Agents: Unblock Autonomous AI with auth.md; Michael Grinich (Day 4 — Session Day 3 · 11:40am-12:00pm · Agentic Engineering; official schedule)
- 2026 06 29 matt brockman how i learned to stop worrying and love the sandbox — How I learned to stop worrying and love the sandbox; Matt Brockman (Day 1 — Workshop Day · 11:05am-12:05pm · Workshops Day 1; official schedule)
- 2026 06 29 ryan dahl security firewall for agents — Security Firewall for Agents; Ryan Dahl (Day 2 — Session Day 1 · 10:45am-11:05am · Claws & Personal Agents; official schedule)
- 2026 06 29 tanmai gopal your company brain will leak secrets here s how we stopped it for big banks and ourselves — Your company brain will leak secrets. Here's how we stopped it for big banks and ourselves.; Tanmai Gopal (Day 2 — Session Day 1 · 2:50pm-3:10pm · Claws & Personal Agents; official schedule)
- 2026 07 01 rowan christmas yolo mode safely microvm sandboxes for any agent — YOLO Mode, Safely: microVM Sandboxes for Any Agent; Rowan Christmas (Day 4 — Session Day 3 · 1:30pm-1:50pm · Expo Stage 2 NW; official schedule)
- 2026 07 01 arun sekhar blast radius zero one command openclaw sandboxes in the cloud — Blast Radius Zero: One‑Command OpenClaw Sandboxes in the Cloud; Arun Sekhar (Day 4 — Session Day 3 · 1:55pm-2:15pm · Track M; official schedule)
- 2026 07 01 rashi agrawal guardrails first engineering member facing health ai — Guardrails First: Engineering Member-Facing Health AI; Rashi Agrawal (Day 4 — Session Day 3 · 11:10am-11:30am · AI in Healthcare; official schedule)
- 2026 06 29 micah silverman ai security engineer foundations certificate — AI Security Engineer Foundations + Certificate; Javier Garza (Day 1 — Workshop Day · 9:00am-11:00am · Workshops Day 1; official schedule)
- 2026 06 29 palak agarwal how reducto parsed the epstein files for the viral jmail project the secret complexities of document — How Reducto parsed the Epstein Files for the Viral JMail Project: The Secret Complexities of Document; Palak Agarwal (Day 1 — Workshop Day · 1:15pm-2:15pm · Track 7; official schedule)
- 2026 06 29 manoj nair security track intro — Security Track intro; Manoj Nair (Day 2 — Session Day 1 · 10:25am-10:30am · Software Factories; official schedule)
- 2026 06 29 natalie meurer the dirty secret of forward deployed engineering — The Dirty Secret of Forward Deployed Engineering; Natalie Meurer (Day 2 — Session Day 1 · 1:30pm-1:50pm · Forward Deployed Engineering; official schedule)
- 2026 06 30 philipp schmid why agents should have their own sandbox — Why Agents Should Have Their Own Sandbox; Philipp Schmid (Day 3 — Session Day 2 · 1:30pm-1:50pm · Expo Stage 1; official schedule)
Related People
- John Craft
- Abhishek Bhardwaj
- Manoj Nair
- Christopher Manning
- Lovina Dmello
- Steve Yegge
- Robert Brennan
- Samuel Colvin
- Ivan Burazin
- Kevin Orellana
- Bereket Habtemeskel
- Paola Estefania
- Jay Mok
- Ezra Tanzer
- Michael Grinich
- Matt Brockman
- Ryan Dahl
- Tanmai Gopal
- Rowan Christmas
- Arun Sekhar
- Rashi Agrawal
- Javier Garza
- Palak Agarwal
- Natalie Meurer
Related Companies
- Docker
- Snyk
- WorkOS
- OpenAI
- Anthropic
- PayPal
- Microsoft
- Better Auth
- Navan
- Stripe
- Moonlake AI
- Uber
- SonderMind
- NVIDIA
- Gas Town
- OpenHands
- Pydantic
- Daytona
Transcript And Resource Support
Transcript-backed resources
- youtube SKDJo2CopRs — Why Eval++ Is the Next Great Compute Primitive — Sunil Pai & Matt Carey, Cloudflare
- youtube c 2eEv2ou7Y — Why MCP and ChatGPT Apps Use Double Iframes — Frédéric Barthelet, Alpic
- youtube LrGCT7G_rU8 — Using RL Agent to Detect and Remediate ETL Pipeline Failures - Anna Marie Benzon
- youtube hCMrEfPG2Yg — Beyond Components: Designing Generative UI for MCP Apps — Ruben Casas, Postman
- youtube _xIwFcnHqp4 — Building Interactive UIs in VS Code with MCP Apps — Marlene Mhangami & Liam Hampton, GitHub
- youtube 6bmM45jkMDY — You Can't Prompt the Room: The Last Skill AI Won't Replace - Balázs Horváth, VisualLabs