Security Mindset
Agent security has two dimensions:- Protecting agents - From prompt injection, malicious inputs
- Protecting systems - From agent mistakes, over-reach, misuse
Prompt Injection
What Is It?
Attackers embed instructions in data that agents process:Attack Vectors
Defenses
1. Input ValidationPrompt Injection Evaluation
Testing Your Agents
Create an evaluation suite:Automated Security Scans
Trace Monitoring
Why Monitor Traces?
Traces reveal:- What agents are actually doing
- Anomalous behavior patterns
- Security incidents in progress
- Performance bottlenecks
Implementing Traces
Trace Analysis
Observability Stack
- Langfuse
- LangSmith
- OpenTelemetry
Network Security
Closed VPC Networks
Isolate agents from public internet:Private VPC
Agents (Agent 1, Agent 2, Agent 3)
ā
NAT Gateway (allowlist only)
ā
Allowed Destinations: api.anthropic.com, github.com, internal-api
All agent traffic routes through NAT Gateway with strict egress allowlist. No direct internet access.
Egress Controls
Service Mesh
Data Protection
Secrets in Context
Never pass secrets to agents:PII Handling
Security Checklist
- Input validation and sanitization
- Output filtering for sensitive data
- Instruction hierarchy (system > user)
- Prompt injection test suite
- Trace logging enabled
- Anomaly detection alerts
- Network egress controls
- Secrets management (not in prompts)
- PII redaction
- Regular security audits
Incident Response
When Compromise Detected
- Isolate - Stop affected agents immediately
- Preserve - Save traces and logs
- Analyze - Determine attack vector
- Remediate - Fix vulnerability
- Rotate - Change any exposed credentials
- Report - Document incident
Runbook
Related
Agent Permissions
Control agent capabilities
Secrets Management
Secure credential handling