Archit Mittal
I Automate Chaos — AI workflows, n8n, Claude, and open-source automation for businesses. Turning repetitive work into one-click systems.
The RSAC framing here is spot on. The core issue with agentic AI security is that traditional perimeter-based thinking doesn't map to systems that autonomously decide what to do next. An agent with tool-use capabilities is essentially a programmable actor with the blast radius of whatever permissions it holds. The practical gap I keep seeing: most teams bolt on security after the agent is already running in production. But the threat model needs to happen at design time — what can this agent access, what's the maximum damage from a single misrouted action, and how do you audit a chain-of-thought that led to a destructive tool call? Sandboxing, least-privilege scoping, and human-in-the-loop gates for irreversible actions should be table stakes for any agent deployment.
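A minimal version of the gating the comment describes (per-agent least-privilege scope, a human approval hook for irreversible tools, and an audit record that keeps the agent's stated rationale beside each decision), as an added example that is not code from the post or its author; the tool names, agent id and approver callback are constructed placeholders:

```python
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical tool-call gate placed between an agent and its tools.
# Tool names below are constructed examples, not a real product's API.
IRREVERSIBLE = {"delete_repo", "send_wire_transfer", "drop_table"}


@dataclass
class AgentPolicy:
    agent_id: str
    allowed_tools: frozenset  # least-privilege scope fixed at design time


@dataclass
class ToolGate:
    policy: AgentPolicy
    approve: Callable[[str, dict, str], bool]  # human-in-the-loop hook
    audit_log: list = field(default_factory=list)

    def decide(self, tool: str, args: dict, rationale: str) -> str:
        # Scope check first: a misrouted call to an unlisted tool never
        # reaches the approval step, bounding the blast radius of one action.
        if tool not in self.policy.allowed_tools:
            verdict = "denied:out_of_scope"
        elif tool in IRREVERSIBLE and not self.approve(tool, args, rationale):
            verdict = "denied:no_human_approval"
        else:
            verdict = "allowed"
        # The audit record stores the agent's reasoning next to the verdict so a
        # destructive call can later be traced back to what justified it.
        self.audit_log.append({"agent": self.policy.agent_id, "tool": tool,
                               "args": args, "rationale": rationale,
                               "verdict": verdict})
        return verdict


def demo() -> list:
    """Run four constructed tool calls through the gate; return the verdicts."""
    policy = AgentPolicy("ticket-triage-bot",
                         frozenset({"read_ticket", "post_comment", "delete_repo"}))
    # Constructed approver: a reviewer only signs off on deleting the scratch repo.
    approver = lambda tool, args, why: args.get("repo") == "sandbox/scratch"
    gate = ToolGate(policy, approver)
    gate.decide("read_ticket", {"id": 42}, "need ticket body to classify it")
    gate.decide("send_wire_transfer", {"amount": 5000}, "customer asked for refund")
    gate.decide("delete_repo", {"repo": "prod/billing"}, "cleanup of stale repo")
    gate.decide("delete_repo", {"repo": "sandbox/scratch"}, "cleanup of stale repo")
    return [entry["verdict"] for entry in gate.audit_log]
```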