How To Embed Security Into Agentic AI Deployments
The expansion of AI across the enterprise has prompted C-suite and IT leaders to reconsider the security protocols protecting their deployments. Many organizations are looking to deepen and expand protections to stay ahead of evolving AI risks and reduce exposure as threats proliferate. Recent research indicates that 80% of organizations will face phishing attacks that use synthetic identities and AI-generated deepfakes.
Today, threat actors seek not only to compromise tools, API keys and platforms, but also to hijack AI agents through credential theft, authentication fraud and trust exploitation. In addition to targeting agentic AI activity through memory poisoning and tool misuse, these attacks can lead to remote code execution (RCE) and tamper with agent source code.
While current security guardrails minimize the chances of unsafe AI agent activity, they can’t eliminate the risk completely. That’s why DevSecOps teams and IT leaders need to define when human-in-the-loop (HITL) intervention is necessary. In this article, we explore the current AI threat environment and the architecture elements that support autonomous AI decision-making and transparency while reinforcing control. We also consider best practices for protecting agentic AI and the primary security approaches to ensure workflow integrity.
What Are the Biggest Security Threats Facing Agentic AI?
In today’s new security paradigm, the communications platform, file systems, code repositories and internal APIs that represent the foundation of AI are all at risk. To be sure, agentic security is most effective when controls are embedded at each stage of the AI performance loop, rather than focused on the model edge.
Historically, organizations have learned over time how to secure their IT systems once they’ve gained functional knowledge of the new technology, from client-server systems and cloud services to edge computing. In the case of agentic AI, enterprises are quickly discovering vulnerabilities at the outset, whether designing GenAI prompts, deploying customized AI initiatives or adopting third-party agents.
At the same time, DevSecOps teams are scrambling to ensure guardrails are in place and provide protection in a fast-changing environment. Because autonomous AI agents rely on workflows that span multiple trust boundaries, they are vulnerable to a range of attacks and manipulations. As a result, security controls need to be present at every stage of the agentic architecture. The key vulnerabilities include malicious prompt injection, memory poisoning, tool misuse, compromised inter-agent communications and semantic hijacking.
In addition to deceptive prompts that can cause agents to misuse tools (e.g., file systems, APIs, code interpreters, etc.), attackers can poison multi-agent communications using false information. The results are degraded agent coordination, poor performance and impaired group decisions. To combat these and other critical vulnerabilities (e.g., intent breaking, resource overload, identity spoofing, etc.), a human-in-the-loop (HITL) approach ensures continuous human intervention to add a layer of consistent safety and trust.
“This human-in-the-loop control acts as a critical safeguard, ensuring that unintended data-exposure risks are identified and mitigated before code reaches production,” says Konstantin Dinev, Director of Product Development at Infragistics, a global software company for application design, development and AI-driven insights.
What Architecture Do IT Leaders Need to Secure Agentic AI?
Ensuring that the best AI safeguards are in place requires the right architecture to support a layered security approach. For example, integrated telemetry can provide full-spectrum context for understanding agentic behavior across all modalities (e.g., endpoints, networks, identity, cloud, etc.).
This foundational layer of raw data is critical to ensuring that agents can reason, defend against threats and perform logical evaluations, for example by running continuous evaluation loops in manufacturing or parsing live transaction data in finance. Unified telemetry provides the comprehensive feedback that agentic AI requires to perform everything from debugging to cost optimization with a high degree of accuracy.
Running alongside agent behavioral analysis, API normalization ensures that all data is structured and conforms to defined prerequisites, enabling agents to connect to external services and take actions such as standardizing calendar/email management or internal ticketing. This mitigation broker functions as a translator between an AI agent and third-party SaaS tools, improving monitoring and enforcing security policies across autonomous systems. API normalization also prevents tool manipulation and ensures that all reasoning data is validated, structured and free of harmful indirect prompt injections (IPI).
“Production API keys should only live in production environment configurations,” states Dinev. “Development machines, agentic sandboxes, and continuous integration (CI) environments should utilize another set of keys, which are only for dev and CI purposes,” he adds.
Secure long-term AI performance also depends on consistent observability that monitors agent behavior at every point of activity, whether the actions are tool calls, data access or decision-making. Within a security context, any deviation from a preset baseline generates a detection signal that flags anomalous activity. In tandem with network analytics, observability correlates agent activity with broader security telemetry, enabling IT and DevSecOps teams to monitor overall performance and contain failures.
How Can Organizations Strengthen Agentic AI Security?
Adopting best practices means staying current with the fast-moving AI landscape. It also requires staying knowledgeable about which toolsets and agentic approaches are up to date and effective, which frameworks are receiving attention, and what questions to ask when vendors offer services. Best practices also depend on understanding how AI applications are built and implemented, from the key components that comprise an application to agent performance across toolchains, inputs and security controls.
Sandboxing brings structural control to agentic execution environments, providing boundaries that are actively monitored and designed to contain failures. As a key security component within best practices, sandboxing permits only allowlisted tools and APIs, enforces least-privilege boundaries, restricts network access, validates output pathways and logs all boundary interactions. Further, it gives a platform a well-defined baseline that security teams can use to define and mitigate anomalies.
In addition to logging that tracks agent decisions and tool interactions, human-in-the-loop (HITL) monitoring takes agentic AI security further by routing actions to a human for review or validation when agent behavior raises questions, particularly in edge cases. Applying these technical controls reduces the probability of unsafe agent behavior and of severe security lapses, such as irreversible data changes and unauthorized access provisioning.
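The mitigation broker, the sandbox allowlist and the HITL gate described in the preceding sections can be combined into a single chokepoint in front of every agent tool call. The following Python sketch is an added example, not code from the article or from Infragistics; the tool registry, the scope names and the `broker` function are all hypothetical, and the "irreversible" flag stands in for whatever policy a team uses to decide which actions need a human.

```python
import json
import logging
from dataclasses import dataclass

logging.basicConfig(level=logging.INFO, format="%(message)s")
log = logging.getLogger("agent-broker")

# Hypothetical allowlist (constructed for this example): for each tool, the
# expected argument schema, the scope an agent identity must hold, and whether
# the action is irreversible and therefore needs human-in-the-loop approval.
TOOLS = {
    "calendar.read":  {"args": {"date": str},                "scope": "calendar:read", "irreversible": False},
    "ticket.create":  {"args": {"title": str, "body": str},  "scope": "ticket:write",  "irreversible": False},
    "db.delete_rows": {"args": {"table": str, "where": str}, "scope": "db:write",      "irreversible": True},
}

@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_human: bool = False

def broker(agent_scopes: set, tool: str, args: dict, human_approved: bool = False) -> Decision:
    """Gate one tool call: allowlist, least privilege, schema validation, HITL, logging."""
    spec = TOOLS.get(tool)
    if spec is None:                                 # tool is not on the sandbox allowlist
        return _log(tool, args, Decision(False, "tool not allowlisted"))
    if spec["scope"] not in agent_scopes:            # least privilege per agent identity
        return _log(tool, args, Decision(False, f"missing scope {spec['scope']}"))
    if set(args) != set(spec["args"]) or any(
        not isinstance(args[k], t) for k, t in spec["args"].items()
    ):                                               # only structured, schema-valid arguments pass
        return _log(tool, args, Decision(False, "argument schema mismatch"))
    if spec["irreversible"] and not human_approved:  # HITL gate for irreversible actions
        return _log(tool, args, Decision(False, "awaiting human approval", needs_human=True))
    return _log(tool, args, Decision(True, "ok"))

def _log(tool: str, args: dict, d: Decision) -> Decision:
    # Every boundary interaction is logged as structured JSON for the telemetry layer.
    log.info(json.dumps({"tool": tool, "args": args, "allowed": d.allowed,
                         "reason": d.reason, "needs_human": d.needs_human}))
    return d

if __name__ == "__main__":
    print(broker({"db:write"}, "db.delete_rows", {"table": "orders", "where": "1=1"}))
    print(broker({"db:write"}, "db.delete_rows", {"table": "orders", "where": "1=1"}, human_approved=True))
```

The JSON log lines are the signal the observability layer baselines: a burst of "tool not allowlisted" or "missing scope" denials from one agent identity is exactly the anomaly the article says should trigger review.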
“Any possible access can be exploited with the right code that is injected into the system, and then that exploit can ripple. Yes, your developers may have a harder time getting access to some of your internal resources. But if they have an easy time, that means that anything executed through their machine has an easy time, too,” Dinev adds.
Finally, for C-suite and security leaders, understanding the role of zero trust and its holistic approach to cybersecurity is critical. Organizations gain insight and protection that extend to AI-specific risks both inside and outside their networks. As a strategic approach to security, zero trust demands that every request be authenticated, authorized and validated in context. It offers a critically important way to ensure continuous verification at each stage of the AI development cycle: model planning, data retrieval, tool implementation and memory access.
About the Author

Kerry Doyle
Contributor
Kerry Doyle focuses primarily on issues relevant to both C-suite and enterprise leaders through technology articles, white papers and analyses. He covers a diverse range of topics, from nanotech to the cloud, open source to AI. Passionate about both the written word and communicating the value of technology, his experience stems from senior editorial positions at PCWeek, PCComputing, ZDNet, and CNet.com. He's a graduate of Boston University with a bachelor's degree in comparative literature.