Explore the security risks of AI agents and how engineering teams can use layered controls to turn vulnerabilities into advantages.

The New Stack is a publication covering trends and technologies in cloud-native development, DevOps, and software delivery. Developers can learn about containerization, Kubernetes, and cloud computing, as well as explore topics such as microservices architecture, serverless computing, and continuous integration/continuous delivery (CI/CD) pipelines.

The New Stack

AI agents introduce a fundamentally different threat model compared to traditional software. Key risks include prompt-injection attacks (made harder to remediate by LLM non-determinism), privilege escalation, cascading failures in multi-agent systems, and the 'lethal trifecta' — agents that simultaneously access private data, process untrusted content, and communicate externally. Concrete countermeasures are organized into three layers: model-level controls (separating system instructions from untrusted content, secondary classifiers), system-level controls (least privilege, default-deny networking, breaking the lethal trifecta by separating read/write agents), and human oversight (tiered approval workflows, full audit logging, rollback capability). Organizations that build governance into agentic systems from the start gain a competitive advantage through faster, more secure development.

Agents are rewriting the rules of security. Here’s what engineering needs to know.