AI systems often have poor judgment, and the security domain is playing catch-up with the rapid evolution of AI agents and protocols.
Application developers should focus on mitigating sensitive information disclosure and excessive agency, as these have a large attack surface under their control.
Traditional role-based access control (RBAC) is insufficient for RAG systems due to dynamic context and complex data relationships, necessitating a fine-grained authorization (FGA) approach.
OpenFGA uses authorization models and relationship tuples to filter documents from a vector store, ensuring the LLM only receives data the user is permitted to see.
Control an AI agent's tool access at the code level using zero trust principles, applying standard RBAC for simple cases and FGA for granular, user-dependent permissions.
Use OAuth 2.0 federation to allow AI agents to call third-party APIs on a user's behalf without handling raw credentials, using a broker to manage access tokens.
Implement human-in-the-loop approvals for high-stakes actions by using the CIBA flow to send asynchronous authorization requests to users for confirmation.
A live demo showcases step-up authorization where an agent requests user consent before accessing sensitive data, followed by an overview of the application's architecture.
29:00Alex Soto
26:47Alejandro Saucedo
30:36Mackenzie Jackson
29:03Jörg Neumann
29:28Kai Grunwitz, Klaus Bürg & Tomislav Tipurić
1:00:00Alex Olivier
30:01Mario Fusco
28:27PJ Hagerty
Jobs that call for the skills explored in this talk.
TRUSTEQ GmbH