25.3 C
Munich
星期四, 2 7 月, 2026

From guardrails to governance: A CEO’s guide for securing agentic systems

Must read

Incredible deal: Honor Magic V6 launches in the UK today, claim £600 off and a gift here!

Honor Magic V6 is here, now at a massive early bird discount! #Incredible #deal #Honor #Magic #launches #today #claim #gift

The Download: a startup has a solution for AI’s groupthink problem

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. LLMs...

England legend offers Thomas Tuchel’s side crucial World Cup advice

EXCLUSIVE England icon Emile Heskey had some words of advice for Thomas Tuchel's side when he was asked how he dealt with the constant...

Android 17 is making $1,000 premium Pixel phones perform worse than some budget phones

Gaming has never been a highlight of Pixel smartphones, and things have gone even further downhill since Android 17. #Android #making #premium #Pixel #phones #perform...

3. Permissions by design: Bind tools to tasks, not to models

A common anti-pattern is to give the model a long-lived credential and hope prompts keep it polite. SAIF and NIST argue the opposite: credentials and scopes should be bound to tools and tasks, rotated regularly, and auditable. Agents then request narrowly scoped capabilities through those tools.

In practice, that looks like: “finance-ops-agent may read, but not write, certain ledgers without CFO approval.”

The CEO question: Can we revoke a specific capability from an agent without re-architecting the whole system?

Control data and behavior

These steps gate inputs, outputs, and constrain behavior.

4. Inputs, memory, and RAG: Treat external content as hostile until proven otherwise

Most agent incidents start with sneaky data: a poisoned web page, PDF, email, or repository that smuggles adversarial instructions into the system. OWASP’s prompt-injection cheat sheet and OpenAI’s own guidance both insist on strict separation of system instructions from user content and on treating unvetted retrieval sources as untrusted.

Operationally, gate before anything enters retrieval or long-term memory: new sources are reviewed, tagged, and onboarded; persistent memory is disabled when untrusted context is present; provenance is attached to each chunk.

The CEO question: Can we enumerate every external content source our agents learn from, and who approved them?

5. Output handling and rendering: Nothing executes “just because the model said so”

In the Anthropic case, AI-generated exploit code and credential dumps flowed straight into action. Any output that can cause a side effect needs a validator between the agent and the real world. OWASP’s insecure output handling category is explicit on this point, as are browser security best practices around origin boundaries.

#guardrails #governance #CEOs #guide #securing #agentic #systems

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest article

Incredible deal: Honor Magic V6 launches in the UK today, claim £600 off and a gift here!

Honor Magic V6 is here, now at a massive early bird discount! #Incredible #deal #Honor #Magic #launches #today #claim #gift

The Download: a startup has a solution for AI’s groupthink problem

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. LLMs...

England legend offers Thomas Tuchel’s side crucial World Cup advice

EXCLUSIVE England icon Emile Heskey had some words of advice for Thomas Tuchel's side when he was asked how he dealt with the constant...

Android 17 is making $1,000 premium Pixel phones perform worse than some budget phones

Gaming has never been a highlight of Pixel smartphones, and things have gone even further downhill since Android 17. #Android #making #premium #Pixel #phones #perform...

Volatile egos, rows and knife threats – No44 in 50 Greatest Bands Of All Time

Formed in swinging London during 1966, Cream are often called the first true “supergroup” since each member already had a significant presence in other...