Skip to main content

Security Mindset

Agent security has two dimensions:
  1. Protecting agents - From prompt injection, malicious inputs
  2. Protecting systems - From agent mistakes, over-reach, misuse
Both require defense in depth.

Prompt Injection

What Is It?

Attackers embed instructions in data that agents process:

Attack Vectors

Defenses

1. Input Validation
2. Delimiter Isolation
3. Output Filtering
4. Instruction Hierarchy

Prompt Injection Evaluation

Testing Your Agents

Create an evaluation suite:

Automated Security Scans

Trace Monitoring

Why Monitor Traces?

Traces reveal:
  • What agents are actually doing
  • Anomalous behavior patterns
  • Security incidents in progress
  • Performance bottlenecks

Implementing Traces

Trace Analysis

Observability Stack

Network Security

Closed VPC Networks

Isolate agents from public internet:

Private VPC

Agents (Agent 1, Agent 2, Agent 3) ↓ NAT Gateway (allowlist only) ↓ Allowed Destinations: api.anthropic.com, github.com, internal-api
All agent traffic routes through NAT Gateway with strict egress allowlist. No direct internet access.

Egress Controls

Service Mesh

Data Protection

Secrets in Context

Never pass secrets to agents:

PII Handling

Security Checklist

  • Input validation and sanitization
  • Output filtering for sensitive data
  • Instruction hierarchy (system > user)
  • Prompt injection test suite
  • Trace logging enabled
  • Anomaly detection alerts
  • Network egress controls
  • Secrets management (not in prompts)
  • PII redaction
  • Regular security audits

Incident Response

When Compromise Detected

  1. Isolate - Stop affected agents immediately
  2. Preserve - Save traces and logs
  3. Analyze - Determine attack vector
  4. Remediate - Fix vulnerability
  5. Rotate - Change any exposed credentials
  6. Report - Document incident

Runbook

Agent Permissions

Control agent capabilities

Secrets Management

Secure credential handling