Security foundations for AI agents: identity, permissions, tenant isolation, secrets, audit logs, and threat models.

Security

Overview

Security is not an add-on in agent systems. It is a core runtime property that governs access to data, execution of tools, and retention of context across runs.

Security primitives

  • Tenant isolation: hard separation of data and execution contexts.
  • Identity and access: SSO integration, RBAC/ABAC for tools and knowledge.
  • Secrets: centralized secret management; never exposed to the model.
  • Audit logging: immutable logs of access, actions, and approvals.
  • Retention: configurable policies for prompts, traces, and knowledge artifacts.

Prompt-injection and untrusted content

  • Treat retrieved documents as data, not instructions.
  • Separate system policies from user content and source content.
  • Allowlist tool usage; never execute actions based solely on document directives.
  • Use structured extraction when reading untrusted sources (facts-only parsing).

Operational controls

  • Approval gates for privileged actions and data exports.
  • Redaction rules for sensitive fields in logs and responses.
  • Dependency allowlists (domains, APIs) for external access.