{"id":22663,"date":"2025-03-10T10:46:57","date_gmt":"2025-03-10T10:46:57","guid":{"rendered":"https:\/\/interface.media\/?p=22663"},"modified":"2025-03-10T10:47:06","modified_gmt":"2025-03-10T10:47:06","slug":"how-do-you-secure-agentic-ai","status":"publish","type":"post","link":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/","title":{"rendered":"How do you secure Agentic AI?"},"content":{"rendered":"\n<p>Agentic AI systems are capable of perceiving, reasoning, acting, and learning. As a result, they are set to revolutionise how AI is used by both defenders and adversaries. They\u2019ll see AI used not just to create or summarise content but to provide recommended actions. Then, Agentic AI will follow through so that the AI is making autonomous decisions.\u00a0<\/p>\n\n\n\n<p>It\u2019s a big step. Ultimately, it will test just how far we are willing to trust the technology. Some would argue it takes us perilously close to the technological singularity, where computer intelligence surpasses our own. As a result, it will require some guard rails to be put in place.<\/p>\n\n\n\n<p>One thing has become clear from the most recent generations of AI. Evidently, technology needs to be protected, not just from attackers but from itself. There have been numerous instances of AI succumbing to the issues as highlighted in the OWASP <a href=\"https:\/\/genai.owasp.org\/resource\/owasp-top-10-for-llm-applications-2025\/\">Top 10 Guide for LLM Applications<\/a> which has just been newly updated for 2025. Issues range from incorrectly interpreting data leading to hallucinations to exfiltrating or leaking data. There are a host of challenges associated already with Generative AI. The problem becomes even more complex once it becomes agentic.\u00a0<\/p>\n\n\n\n<p>This elevated risk is reflected in the new Top 10. It now sees LLM06, which was formerly \u2018Over reliance on LLM-generated content\u2019, become \u2018Excessive Agency\u2019. 
Essentially, agents or plug-ins could be assigned excessive functionality, permissions or autonomy, resulting in them having unnecessary free rein.\u00a0<\/p>\n\n\n\n<p>Another new addition to the list is LLM08 \u2018Vector and embedding weaknesses\u2019. This refers to the risks posed by Retrieval-Augmented Generation (RAG) which <a href=\"https:\/\/interface.media\/blog\/2025\/02\/27\/what-makes-ai-agentic-qa-with-fouzi-husaini-chief-technology-ai-officer-at-marqeta\/\">agentic systems<\/a> use to supplement their learning.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-agentic-ai-and-apis\">Agentic AI and APIs<\/h3>\n\n\n\n<p>As with <a href=\"https:\/\/interface.media\/blog\/2025\/03\/06\/the-evolution-of-ai-in-2025\/\">Generative AI<\/a>, agentic relies upon Application Programming Interfaces (APIs). The AI uses APIs in order to access data and communicate with other systems and LLMs.\u00a0<\/p>\n\n\n\n<p>Because of this, AI is intrinsically linked to API security, meaning that the security of LLMs, agents and plug-ins will only be as good as that of the APIs. In fact, the likelihood is that APIs will become the most targeted asset when it comes to AI attacks, with smarter and stealthier bots set to exploit APIs for the purposes of credential stuffing, data scraping and account takeover (ATO).&nbsp;<\/p>\n\n\n\n<p>To counter these attacks, organisations will need to deploy real-time AI defences. These systems will need to be able to adapt on the fly while remaining, to all intents and purposes, invisible.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-agentic-ai-impact-on-security-nbsp\">The Agentic AI impact on security&nbsp;<\/h3>\n\n\n\n<p>Because agentic AI is autonomous, there will need to be more effective controls that govern what it can do. From a technological perspective, it will be necessary to secure how it collects and transfers data. 
Policies detailing expected behaviours will have to be enforced and measures put in place to mitigate attacks on the data.\u00a0<\/p>\n\n\n\n<p>When it comes to developing AI applications, having a Secure Development Life Cycle will be key to ensuring security is considered at every stage of development.&nbsp;<\/p>\n\n\n\n<p>We\u2019ll also see AI itself used as part of the process to test and optimise code. The technology will move from being used to assist the developer to augmenting them by supplementing any skills gaps, anticipating bottlenecks and pre-empting issues to make the DevOps process much more efficient.&nbsp;<\/p>\n\n\n\n<p>Equally important is how we will govern the deployment of these technologies in the workplace to prevent the technology running amok. There will need to be ownership assigned over the governance of these systems and it will need to be determined who has access to these systems and how they will be authenticated. There are a myriad of ethical questions to consider too, such as how the organisation can prevent the AI from overstepping or abusing its function but, at the other end of the scale, how we can avoid it simply following orders that might result in a logical but not a desirable conclusion.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-agentic-assists-attackers-too\">Agentic assists attackers too<\/h3>\n\n\n\n<p>Of course, all of this also has implications for API security and bot management. Attacks too will be driven by intelligent self-directed bots so will be far more difficult to detect and stop.&nbsp;<\/p>\n\n\n\n<p>Against these AI-powered attacks, existing methods of detecting malicious activity that look for high volume automated attacks by tracking speeds and feeds will lose their relevance. Instead, we\u2019ll see a shift towards security solutions that target behaviour, seeking to predict intent. 
It will be a paradigm moment that will usher in a new age of more sophisticated tools and strategies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-preparing-for-the-age-of-agentic-ai\">Preparing for the age of agentic AI<\/h3>\n\n\n\n<p>We\u2019re at the threshold of an exciting new era in AI but how can organisations prepare for this eventuality?&nbsp;<\/p>\n\n\n\n<p>The likelihood is that if your business currently uses Generative AI it is now looking at agentic. <a href=\"https:\/\/www2.deloitte.com\/us\/en\/insights\/industry\/technology\/technology-media-and-telecom-predictions\/2025\/autonomous-generative-ai-agents-still-under-development.html\">Deloitte<\/a> predicts <a href=\"https:\/\/www2.deloitte.com\/us\/en\/insights\/industry\/technology\/technology-media-and-telecom-predictions\/2025\/autonomous-generative-ai-agents-still-under-development.html\">25% of companies<\/a> in this category will launch pilots this year and 50% in 2027. It\u2019s expected that companies will naturally progress from one to the other. Therefore, it&#8217;s imperative that they look to lay the groundwork now with their existing AI.<\/p>\n\n\n\n<p>The common ground here is the API and this is where attention needs to be focused to ensure that the AI operates securely. Conducting a discovery exercise to create an inventory of all Generative AI APIs is a must, together with an approved list of Generative AI tools; this will reduce the risk of shadow AI. Sensitive data controls should also be put in place that prescribe what can be accessed by the AI to prevent intellectual property from leaving the environment. And from a development perspective, guard rails must be put in place that govern the reach and functionality of the application.&nbsp;&nbsp;<\/p>\n\n\n\n<p>There are a myriad of uses to which agentic AI will be put. Expect it to work with other LLMs, make faster, more informed decisions, and to improve that decision making over time. 
All of this could help businesses achieve their objectives and goals quicker. In fact, Gartner predicts it will play an active role in <a href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2024-10-21-gartner-identifies-the-top-10-strategic-technology-trends-for-2025\">15% of decision making by 2028<\/a>. The genie is well and truly out of the bottle which means companies that fail to prioritise trust and transparency and implement the necessary controls will find themselves in the middle of an AI trust crisis they simply can\u2019t afford to ignore.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at the evolution of Agentic AI and how cybersecurity teams can make AI agents safe. <\/p>\n","protected":false},"author":480,"featured_media":22664,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"apple_news_api_created_at":"2025-03-10T10:47:03Z","apple_news_api_id":"e6c79d0c-b7ac-49c5-935e-ddaa904398f2","apple_news_api_modified_at":"2025-03-10T10:47:03Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/A5sedDLesScWTXt2qkEOY8g","apple_news_cover_media_provider":"image","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_cover_video_id":0,"apple_news_cover_video_url":"","apple_news_cover_embedwebvideo_url":"","apple_news_is_hidden":"","apple_news_is_paid":"","apple_news_is_preview":"","apple_news_is_sponsored":"","apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[3],"tags":[],"topic":[613,614],"class_list":["post-22663","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry",
"category-the-interface","topic-cybersecurity","topic-data-ai"],"acf":[],"apple_news_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v26.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How do you secure Agentic AI? - Interface<\/title>\n<meta name=\"description\" content=\"James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at securing Agentic AI agents.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How do you secure Agentic AI?\" \/>\n<meta property=\"og:description\" content=\"James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at securing Agentic AI agents.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/\" \/>\n<meta property=\"og:site_name\" content=\"Interface\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-10T10:46:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-10T10:47:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/03\/iStock-1412327101.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"924\" \/>\n\t<meta property=\"og:image:height\" content=\"693\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dan Brightmore\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dan Brightmore\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/\",\"url\":\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/\",\"name\":\"How do you secure Agentic AI? - Interface\",\"isPartOf\":{\"@id\":\"https:\/\/interface.media\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/03\/iStock-1412327101.jpg\",\"datePublished\":\"2025-03-10T10:46:57+00:00\",\"dateModified\":\"2025-03-10T10:47:06+00:00\",\"author\":{\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\"},\"description\":\"James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at securing Agentic AI agents.\",\"breadcrumb\":{\"@id\":\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#primaryimage\",\"url\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/03\/iStock-1412327101.jpg\",\"contentUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/03\/iStock-1412327101.jpg\",\"width\":924,\"height\":693,\"caption\":\"James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at the evolution of Agentic AI and how cybersecurity teams can make AI agents 
safe.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/interface.media\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How do you secure Agentic AI?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/interface.media\/#website\",\"url\":\"https:\/\/interface.media\/\",\"name\":\"Interface\",\"description\":\"Delivering World Class Content \u201cFrom Executive, For Executive\u201c\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/interface.media\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\",\"name\":\"Dan Brightmore\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"caption\":\"Dan Brightmore\"},\"url\":\"https:\/\/interface.media\/blog\/author\/dbrightmore\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How do you secure Agentic AI? 
- Interface","description":"James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at securing Agentic AI agents.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"How do you secure Agentic AI?","og_description":"James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at securing Agentic AI agents.","og_url":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/","og_site_name":"Interface","article_published_time":"2025-03-10T10:46:57+00:00","article_modified_time":"2025-03-10T10:47:06+00:00","og_image":[{"width":924,"height":693,"url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/03\/iStock-1412327101.jpg","type":"image\/jpeg"}],"author":"Dan Brightmore","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Dan Brightmore","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/","url":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/","name":"How do you secure Agentic AI? 
- Interface","isPartOf":{"@id":"https:\/\/interface.media\/#website"},"primaryImageOfPage":{"@id":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#primaryimage"},"image":{"@id":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#primaryimage"},"thumbnailUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/03\/iStock-1412327101.jpg","datePublished":"2025-03-10T10:46:57+00:00","dateModified":"2025-03-10T10:47:06+00:00","author":{"@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748"},"description":"James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at securing Agentic AI agents.","breadcrumb":{"@id":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#primaryimage","url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/03\/iStock-1412327101.jpg","contentUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/03\/iStock-1412327101.jpg","width":924,"height":693,"caption":"James Sherlow, Systems Engineering Director, EMEA, at Cequence Security, looks at the evolution of Agentic AI and how cybersecurity teams can make AI agents safe."},{"@type":"BreadcrumbList","@id":"https:\/\/interface.media\/blog\/2025\/03\/10\/how-do-you-secure-agentic-ai\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/interface.media\/"},{"@type":"ListItem","position":2,"name":"How do you secure Agentic AI?"}]},{"@type":"WebSite","@id":"https:\/\/interface.media\/#website","url":"https:\/\/interface.media\/","name":"Interface","description":"Delivering World Class Content 
\u201cFrom Executive, For Executive\u201c","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/interface.media\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748","name":"Dan Brightmore","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","caption":"Dan Brightmore"},"url":"https:\/\/interface.media\/blog\/author\/dbrightmore\/"}]}},"_links":{"self":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/22663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/users\/480"}],"replies":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/comments?post=22663"}],"version-history":[{"count":1,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/22663\/revisions"}],"predecessor-version":[{"id":22665,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/22663\/revisions\/22665"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media\/22664"}],"wp:attachment":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media?parent=22663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/categories?post=22663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\
/interface.media\/wp-json\/wp\/v2\/tags?post=22663"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/topic?post=22663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}