The Databricks AI Security Framework (DASF) now covers Agentic AI as its 13th system component, adding 35 new technical security risks and 6 new mitigation controls to help organizations deploy autonomous agents with confidence.

databricks

Databricks has released DASF v3.0, adding Agentic AI as the 13th system component in its AI Security Framework. The update introduces 35 new technical security risks and 6 new mitigation controls specific to autonomous AI agents. Key new risk categories include agent reasoning loop attacks (memory poisoning, cascading hallucinations, goal manipulation), tool and MCP security risks (tool poisoning, prompt injection via tool descriptions, malicious servers), and multi-agent system risks (agent communication poisoning, rogue agents). The framework highlights the 'Lethal Trifecta' — the dangerous combination of access to sensitive data, ability to take actions, and insufficient human oversight — as the core threat model. New controls focus on least-privilege permissions, human-in-the-loop checkpoints, intent validation, and output monitoring. The full framework now covers 97 risks and 73 controls, mapped to MITRE ATLAS, OWASP, NIST, and CSA standards.

Agentic AI Security: New Risks and Controls in the Databricks AI Security Framework (DASF v3.0)

Security risks when AI agents can take actions