10 AI Security for Agentic Applications

An agent is an LLM with tools, memory, and the ability to act across multiple steps without a human in the loop. Every capability that makes it useful also extends the blast radius. Classical AppSec controls assume code executes under a known identity with a defined permission set. Agents do neither.


Applied / Technical Deep Dive

What you'll learn

  • Indirect prompt injection — attackers embed instructions in documents, emails, and web pages the agent will read; how a retrieval step becomes a remote code execution primitive

  • Excessive agency and permission scope — why least privilege is harder when the agent decides what to do next, and how to enforce tool boundaries that survive adversarial inputs

  • Memory poisoning — persistent memory as a persistent attack surface; how malicious content survives across sessions and corrupts future decisions

  • Multi-agent trust — orchestrator-to-subagent calls carry no verified identity by default; how trust degrades across a pipeline and what signing and scoping look like in practice

  • Human-in-the-loop design — which decisions must pause for approval, how to make checkpoints tamper-evident, and what irreversibility means as a security property


Mapped to OWASP Top 10 for Agentic Applications 2026, MITRE ATLAS v5.5, and EU AI Act (Aug 2026 deadline).



Target audience

Senior Engineers, AppSec Leads, Architects

Prerequisites

AI Security for LLM Applications, or equivalent experience.


Other relevant courses