AWS re:Invent 2025 - Zero Trust for Agentic Systems: Managing Non-Human Identities at Scale (SEC211)

Securing Agentic Systems: Managing Non-Human Identities at Scale

Agentic Systems and the Evolving Threat Landscape

• Agentic systems, where AI agents make autonomous decisions, introduce new security challenges
• Breaches involving AI are on the rise, often due to basic security oversights
  • Examples: McDonald's job application exposure, Samsung source code leak, HIPAA violations
• Top risks have shifted from injection attacks to prompt-based exploits, which can be executed without code
• Agentic systems have a large attack surface, with many integration points and autonomous decision-making

Key Threat Categories

1. Identity and Authorization Threats
   • "Confused deputy" problem, where agents have more privileges than their human users
2. Credential and Secret Management
   • Secret exposure and theft, long-lived credentials
3. Tool and Integration Exploits
   • "Tool poisoning" attacks, weak API authentication
4. Supply Chain Attacks
   • Vulnerabilities in shared infrastructure like MCP servers
5. Multi-Agent System Threats
   • Injection of false information by tampering with agent communication
6. Prompt-Based Attacks
   • Carefully crafted prompts that can override agent instructions
7. Data Security Threats
   • "Rag poisoning" attacks on retrieval-augmented generation systems
8. Runtime and Operational Threats
   • Tool misuse, detection and guardrail evasion
9. Compliance and Governance Gaps
   • Lack of comprehensive audit trails for agent actions

Securing the Agentic Development Lifecycle

• Security must be considered throughout the development process, not just in production
• Risks in the "build and test" phase include:
  • Overreliance on "vibe coding" and AI-assisted development, which can introduce supply chain and security vulnerabilities
  • Lack of security-first mindset, prioritizing speed over security
• Tools like HCP Vault Radar can help discover and remediate unsecured secrets introduced during development

Identity-Based Security for Agentic Systems

• Agentic systems require a unique, auditable identity for each agent
• Dynamic authorization, short-lived credentials, and consent frameworks are critical
• Kubernetes integration with Vault enables secure, scalable identity and credential management
  • Vault supports dynamic secrets generation, PKI certificate management, and audit logging

Leveraging PKI and TLS/mTLS

• TLS and mTLS are essential for protecting agentic systems, preventing credential leaks
• Vault provides a flexible, scalable PKI management solution
  • Automated certificate issuance, revocation, and distribution
  • Support for modern standards like SPIFFE
  • Integration with service meshes for secure inter-service communication

Key Takeaways

• Agentic systems introduce new security challenges, but many can be addressed with core security best practices
• Identity and credential management are critical, requiring unique agent identities, dynamic authorization, and short-lived secrets
• Comprehensive audit trails and security-first development practices are essential
• Leveraging tools like Vault for PKI, secrets management, and identity brokering can help secure agentic systems at scale