An agent is an LLM with tools, memory, and the ability to act across multiple steps without a human in the loop. Every capability that makes it useful also extends the blast radius. Classical AppSec controls assume code executes under a known identity with a defined permission set. Agents do neither.
Applied Technical Deep Dive
What you'll learn
Indirect prompt injection — attackers embed instructions in documents, emails, and web pages the agent will read; how a retrieval step becomes a remote code execution primitive
Excessive agency and permission scope — why least-privilege is harder when the agent decides what to do next, and how to enforce tool boundaries that survive adversarial inputs
Memory poisoning — persistent memory as a persistent attack surface; how malicious content survives across sessions and corrupts future decisions
Multi-agent trust — orchestrator-to-subagent calls carry no verified identity by default; how trust degrades across a pipeline and what signing and scoping look like in practice
Human-in-the-loop design — which decisions must pause for approval, how to make checkpoints tamper-evident, and what irreversibility means as a security property
Mapped to OWASP Top 10 for Agentic Applications 2026, MITRE ATLAS v5.5, and EU AI Act (Aug 2026 deadline).
Target audience: Senior Engineers, AppSec Leads, Architects
Prerequisites: AI Security for LLM Applications, or equivalent experience.