AI agents introduce a fundamentally different threat model compared to traditional software. Key risks include prompt-injection attacks (made harder to remediate by LLM non-determinism), privilege escalation, cascading failures in multi-agent systems, and the 'lethal trifecta' — agents that simultaneously access private data, process untrusted content, and communicate externally. Concrete countermeasures are organized into three layers: model-level controls (separating system instructions from untrusted content, secondary classifiers), system-level controls (least privilege, default-deny networking, breaking the lethal trifecta by separating read/write agents), and human oversight (tiered approval workflows, full audit logging, rollback capability). Organizations that build governance into agentic systems from the start gain a competitive advantage through faster, more secure development.
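As an added illustration of the system-level controls above (not code from the article or from thenewstack.io), the following policy check tags each tool in a hypothetical agent's toolset with the capability it grants, rejects the "lethal trifecta" and any tool outside the allowlist (default deny), and assigns a tiered approval level. The tool names and capability tags are constructed for this example.

```python
"""Capability policy check for agent tool sets (constructed example)."""
from dataclasses import dataclass, field

PRIVATE_DATA = "private_data"
UNTRUSTED_INPUT = "untrusted_input"
EXTERNAL_COMMS = "external_comms"
LETHAL_TRIFECTA = {PRIVATE_DATA, UNTRUSTED_INPUT, EXTERNAL_COMMS}

# Hypothetical tool catalogue (the allowlist): each tool is tagged with
# the capabilities it grants. A mailbox holds private data AND text an
# outsider can write, so it counts as both.
TOOL_CAPABILITIES = {
    "read_mailbox": {PRIVATE_DATA, UNTRUSTED_INPUT},
    "read_crm": {PRIVATE_DATA},
    "fetch_url": {UNTRUSTED_INPUT},
    "send_email": {EXTERNAL_COMMS},
    "summarize_text": set(),
}

@dataclass
class Agent:
    name: str
    tools: list[str]

@dataclass
class Verdict:
    allowed: bool
    capabilities: set[str]
    reasons: list[str] = field(default_factory=list)
    approval_tier: str = "auto"  # auto | logged | human_approval

def evaluate(agent: Agent) -> Verdict:
    """Aggregate the agent's capabilities and apply the three checks."""
    caps: set[str] = set()
    reasons: list[str] = []
    for tool in agent.tools:
        if tool not in TOOL_CAPABILITIES:  # default deny: unknown tool is rejected
            reasons.append(f"{tool}: not in allowlist")
            continue
        caps |= TOOL_CAPABILITIES[tool]
    if LETHAL_TRIFECTA <= caps:  # all three at once: split into reader and writer agents
        reasons.append("lethal trifecta: separate read and write agents")
    # Tiered approval: sending externally after exposure to untrusted text needs a human;
    # any other touch of private data or the outside world is at least audit-logged.
    if EXTERNAL_COMMS in caps and UNTRUSTED_INPUT in caps:
        tier = "human_approval"
    elif EXTERNAL_COMMS in caps or PRIVATE_DATA in caps:
        tier = "logged"
    else:
        tier = "auto"
    return Verdict(allowed=not reasons, capabilities=caps, reasons=reasons, approval_tier=tier)
```

Splitting the rejected "triage" agent into a reader (read_mailbox, summarize_text) and a writer (send_email) makes each half pass on its own, which is the read/write separation the summary describes.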

6 min read time. From thenewstack.io

Table of contents
Why agents change the threat model
How to engineer against these risks
Governance as a competitive advantage
