AgentSec

Security for AI systems that read, reason, retrieve, delegate and act.

AgentSec models AI agents as machine actors: identities with memory, tools, permissions, execution paths, audit trails and potential blast radius.

Tags: LLM Security · Agents · Prompt Injection · Tool IAM
Machine-Actor Boundary

Agents require identity, scope and auditability.

The permission boundary maps the core risk surfaces of agentic systems: prompt input, persistent memory, tool access and human approval gates.

As AI agents gain operational authority, their security model begins to resemble IAM for machine actors.

Current Landscape

What matters now.

The central risk in agentic systems is boundary collapse: instructions, data, tools, memory and authority can blur into one execution surface.

Prompt injection becomes operationally serious when a model can call APIs, send messages, access files, update records or move money.

Agent security therefore needs the same primitives as any privileged machine actor: identity, scoped permissions, containment, logging, approval gates, memory hygiene, retrieval controls and behaviour monitoring.

Research Programme

Operational focus.

  • Agent risk model covering prompt, tool, memory, coordination, finance and governance layers.
  • Sandboxed prompt-injection labs using harmless scenarios to show boundary failure.
  • Signed tool manifest pattern describing allowed actions, scopes, input schemas and approval requirements.
  • Agent telemetry model for action logs, risk events, policy denials and human approvals.
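The signed tool manifest and telemetry bullets above, and the identity / permissions / approval-gate requirements in the Current Landscape section, are shown together in the following added example. It is not AgentSec's own code or schema; the manifest layout, the `PolicyEnforcementPoint` class, the scope names and the sample agents are all assumptions made for illustration. An HMAC is used for the manifest signature so the example runs offline; a real deployment would use an asymmetric signature (for instance Ed25519) so that the enforcement point can verify a manifest without holding the key that can mint one.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical signing key for the example. In practice this lives in a KMS/HSM
# and the enforcement point only holds a verification key.
MANIFEST_KEY = b"example-manifest-signing-key"


def canonical(obj: dict) -> bytes:
    """Canonical JSON so the signature covers a deterministic byte string."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> dict:
    body = {k: v for k, v in manifest.items() if k != "signature"}
    sig = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "signature": sig}


def verify_manifest(signed: dict, key: bytes) -> bool:
    body = {k: v for k, v in signed.items() if k != "signature"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed.get("signature", ""))


# Constructed sample manifest: allowed tools, required scope, input schema,
# and whether a human must approve each call.
RAW_MANIFEST = {
    "version": 1,
    "tools": {
        "read_file": {"scope": "files:read",
                      "schema": {"path": "str"}, "approval": "none"},
        "send_payment": {"scope": "finance:transfer",
                         "schema": {"amount": "float", "recipient": "str"},
                         "approval": "human"},
    },
}
SIGNED_MANIFEST = sign_manifest(RAW_MANIFEST, MANIFEST_KEY)

TYPE_MAP = {"str": str, "float": (int, float), "int": int, "bool": bool}


def validate_args(schema: dict, args: dict) -> Optional[str]:
    """Reject unknown, missing or mistyped arguments; return an error or None."""
    extra = set(args) - set(schema)
    if extra:
        return f"unexpected argument(s): {sorted(extra)}"
    for name, type_name in schema.items():
        if name not in args:
            return f"missing argument: {name}"
        value = args[name]
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(value, bool) and type_name != "bool":
            return f"argument {name} must be {type_name}"
        if not isinstance(value, TYPE_MAP[type_name]):
            return f"argument {name} must be {type_name}"
    return None


@dataclass
class AgentIdentity:
    agent_id: str
    scopes: frozenset


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_approval: bool = False


@dataclass
class PolicyEnforcementPoint:
    """Sits between the model and the tool runtime; every call passes through here."""
    manifest: dict
    key: bytes
    telemetry: list = field(default_factory=list)  # action logs, denials, approvals

    def _emit(self, kind: str, agent: AgentIdentity, tool: str, detail: str) -> None:
        self.telemetry.append({"event": kind, "agent": agent.agent_id,
                               "tool": tool, "detail": detail})

    def authorize(self, agent: AgentIdentity, tool: str, args: dict,
                  approved_by: Optional[str] = None) -> Decision:
        if not verify_manifest(self.manifest, self.key):
            self._emit("policy_denial", agent, tool, "manifest signature invalid")
            return Decision(False, "manifest signature invalid")
        spec = self.manifest["tools"].get(tool)
        if spec is None:
            self._emit("policy_denial", agent, tool, "tool not in manifest")
            return Decision(False, "tool not in manifest")
        if spec["scope"] not in agent.scopes:
            self._emit("policy_denial", agent, tool, f"missing scope {spec['scope']}")
            return Decision(False, f"missing scope {spec['scope']}")
        err = validate_args(spec["schema"], args)
        if err:
            self._emit("policy_denial", agent, tool, err)
            return Decision(False, err)
        if spec["approval"] == "human" and approved_by is None:
            self._emit("approval_required", agent, tool, json.dumps(args, sort_keys=True))
            return Decision(False, "human approval required", needs_approval=True)
        if approved_by is not None:
            self._emit("human_approval", agent, tool, f"approved by {approved_by}")
        self._emit("action", agent, tool, json.dumps(args, sort_keys=True))
        return Decision(True, "allowed")


def demo() -> list:
    """Run six constructed calls through the enforcement point."""
    pep = PolicyEnforcementPoint(SIGNED_MANIFEST, MANIFEST_KEY)
    support = AgentIdentity("support-bot", frozenset({"files:read"}))
    treasurer = AgentIdentity("treasury-bot", frozenset({"finance:transfer"}))
    payment = {"amount": 50.0, "recipient": "acct-1"}
    results = [
        pep.authorize(support, "read_file", {"path": "/tmp/ticket.txt"}),   # allowed
        pep.authorize(support, "send_payment", payment),                     # no scope
        pep.authorize(support, "read_file", {"path": "/etc/passwd", "mode": "w"}),  # extra arg
        pep.authorize(treasurer, "send_payment", payment),                   # needs approval
        pep.authorize(treasurer, "send_payment", payment, approved_by="alice"),  # allowed
    ]
    # Tampered copy: approval requirement stripped, original signature kept.
    tampered = dict(SIGNED_MANIFEST)
    tampered["tools"] = {**SIGNED_MANIFEST["tools"],
                         "send_payment": {**SIGNED_MANIFEST["tools"]["send_payment"],
                                          "approval": "none"}}
    results.append(PolicyEnforcementPoint(tampered, MANIFEST_KEY)
                   .authorize(treasurer, "send_payment", payment))
    return results


if __name__ == "__main__":
    for d in demo():
        print(d)
```

The point of the enforcement point is that the model never talks to a tool directly: a prompt-injected request to `send_payment` still has to clear scope, schema and the human approval gate, and every outcome, including denials, lands in the telemetry stream the dashboard track consumes.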
Tags: research programme · prototype track · dashboard track · security-first
Agent Blast-Radius Simulator (interactive widget): sliders for Autonomy, Tool Scope, Persistent Memory, Financial Authority and Human Approval, combined into a Composite Risk score.

2026–2030 Prognosis

Likely trajectories for the next cycle.

Forecasts grounded in present standards, tooling direction and adversary incentives.

2026

AI security posture management (AI-SPM) becomes visible

Organisations inventory models, tools, prompts, retrieval systems, credentials and agent workflows.

2027–2028

Agent identity becomes IAM

Machine actors require scoped permissions, signed actions, approval flows and audit records.

2029–2030

Agent governance becomes infrastructure

Multi-agent systems need incident response, behavioural constraints and legal accountability layers.

Research Outputs

What the programme produces.

The output layer converts research into visible artefacts: models, diagrams, simulators, dashboards, datasets, playbooks and defensible architectures.

  • AgentSec Checklist: controls for LLM apps and tool agents.
  • Injection Lab: safe prompt-injection training.
  • Tool Policy Model: least-privilege execution architecture.
  • Risk Simulator: interactive autonomy/blast-radius scoring.