how are people approaching agentic ai security now that agents can take real actions, not just generate text

Reddit r/AI_Agents News

Summary

A discussion on the emerging security challenges when AI agents can take real actions (e.g., update records, call APIs) rather than just generate text, exploring needed infrastructure like scoped identities, policy layers, and action logging.

we've moved past chatbot-style llm stuff into agents that update records, call internal apis, and touch prod-adjacent systems. agentic ai security is the term getting thrown around for this but nobody at my company has a clear answer on what it means in practice. most of what's written about ai security still assumes the risk is the model saying something bad. that's not our risk anymore. our risk is an agent doing something bad, updating the wrong record or calling the wrong api. the stack we're piecing together starts with scoped identities per agent instead of one shared service account. on top of that we want a policy layer that sees the tool calls themselves, not just the text going in and out. and we need logging that ties an instruction to the action it triggered so an incident is reconstructable. i can't tell if this is a mature space yet or if everyone's duct-taping it together like we are. for people running agents wired into real internal systems, what does your security stack look like end to end?
Original Article

Similar Articles

Security and Privacy in Agentic AI: Grand Challenges and Future Directions

arXiv cs.AI

This paper presents key challenges and future research directions in the security and privacy of agentic AI, based on a horizon-scanning exercise with thirty international experts. It identifies emerging risks from increased AI autonomy and permissions, including prompt injection attacks and malicious applications.

What if Agentic AI security was a Non Issue?

Reddit r/artificial

The article introduces Sentinel Gateway, a security middleware designed to guarantee safety for AI agents by restricting actions to predefined scopes, preventing data leaks, and ensuring full traceability of agent actions.