unknown

A practitioner's deep-dive into securing AI agents, built from real experience developing a Discord-based tech support agent. The author demonstrates how traditional security models break for probabilistic, autonomous systems and proposes a defense-in-depth architecture covering: an AI gateway with ensemble prompt injection detection (regex + DeBERTa + guard model), constrained agency with explicit permission boundaries, risk-based and just-in-time access control, MCP gateway security with tool allowlists and schema pinning, and nonhuman identity (NHI) management. Real failure examples are included—an indirect injection that exfiltrated 1,200 customer records, and a false positive that blocked 'Hi' with 95% confidence. The article benchmarks five prompt injection detectors (best single: 83.5%, ensemble: 87.6%), outlines what current frameworks like OWASP, NIST, and MAESTRO get right and what's missing (agent-to-agent auth, continuous adversarial probing, liability), and closes with seven concrete actions teams can take immediately.

Securing AI Agents: An Architecture for Systems You Can’t Fully Control

Evangelos Pappas

Here’s my hot take: securing AI/agentic apps can’t happen under classic security assumptions. Agents are probabilistic, adaptive, and autonomous. That’s why “just add a prompt filter” fails.

What works instead is security becomes a continuous loop.

<p>Here’s my hot take: securing AI/agentic apps can’t happen under classic security assumptions. Agents are probabilistic, adaptive, and autonomous. That’s why “just add a prompt filter” fails.

What works instead is security becomes a continuous loop.</p>