AWS re:Invent 2025 - Zero Trust for Agentic Systems: Managing Non-Human Identities at Scale (SEC211)

Securing Agentic Systems: Managing Non-Human Identities at Scale

Agentic Systems and the Evolving Threat Landscape

  • Agentic systems, where AI agents make autonomous decisions, introduce new security challenges
  • Breaches involving AI are on the rise, often due to basic security oversights
    • Examples: McDonald's job application exposure, Samsung source code leak, HIPAA violations
  • Top risks have shifted from classic code injection to prompt-based exploits, which require no code to carry out
  • Agentic systems have a large attack surface, with many integration points and autonomous decision-making

Key Threat Categories

  1. Identity and Authorization Threats
    • "Confused deputy" problem, where an agent holds more privileges than the human user it acts for, so its actions are not bounded by that user's permissions
  2. Credential and Secret Management
    • Secret exposure and theft, long-lived credentials
  3. Tool and Integration Exploits
    • "Tool poisoning" attacks, weak API authentication
  4. Supply Chain Attacks
    • Vulnerabilities in shared infrastructure like MCP servers
  5. Multi-Agent System Threats
    • Injection of false information by tampering with agent communication
  6. Prompt-Based Attacks
    • Carefully crafted prompts that can override agent instructions
  7. Data Security Threats
    • "RAG poisoning" attacks on retrieval-augmented generation systems
  8. Runtime and Operational Threats
    • Tool misuse, detection and guardrail evasion
  9. Compliance and Governance Gaps
    • Lack of comprehensive audit trails for agent actions
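The confused deputy item (category 1) and the missing audit trail item (category 9) are easiest to see side by side in code. The following is an added example, not code from the talk, from AWS or from HashiCorp: an in-memory `Authorizer` (a constructed stand-in for a real policy engine) with an unsafe path, where the agent acts with its own privileges, beside a hardened "on behalf of" path, where the effective permission is the intersection of the agent's scopes and the delegating user's scopes. Every decision, allowed or denied, is written to an audit trail that names both the agent and the human it acted for. The identities and scope names are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Principal is any identity that can act: a human user or an AI agent.
// Scopes are the actions the principal is permitted to perform.
type Principal struct {
	ID     string
	Scopes map[string]bool
}

// AuditEvent records who asked for what, on whose behalf, and the outcome.
type AuditEvent struct {
	At       time.Time
	AgentID  string
	OnBehalf string
	Action   string
	Allowed  bool
}

var ErrNotPermitted = errors.New("action not permitted")

// Authorizer keeps an in-memory audit trail (constructed for this example;
// a real deployment would ship these records to a log sink).
type Authorizer struct {
	Trail []AuditEvent
}

// AuthorizeDeputyUnsafe is the confused deputy pattern: the agent acts with
// its own, typically broad, privileges, so anything the agent can do, any
// user driving the agent can make it do.
func (a *Authorizer) AuthorizeDeputyUnsafe(agent, user Principal, action string) error {
	allowed := agent.Scopes[action]
	a.record(agent.ID, user.ID, action, allowed)
	if !allowed {
		return ErrNotPermitted
	}
	return nil
}

// AuthorizeOnBehalfOf is the hardened form: the effective permission is the
// intersection of the agent's scopes and the delegating user's scopes, so the
// agent can never exceed what the human it serves is allowed to do.
func (a *Authorizer) AuthorizeOnBehalfOf(agent, user Principal, action string) error {
	allowed := agent.Scopes[action] && user.Scopes[action]
	a.record(agent.ID, user.ID, action, allowed)
	if !allowed {
		return ErrNotPermitted
	}
	return nil
}

// record appends one audit event; denials are logged too, since a pattern of
// denied privileged actions is itself a detection signal.
func (a *Authorizer) record(agentID, userID, action string, allowed bool) {
	a.Trail = append(a.Trail, AuditEvent{
		At: time.Now(), AgentID: agentID, OnBehalf: userID, Action: action, Allowed: allowed,
	})
}

func main() {
	// Constructed sample identities: a broadly privileged agent, a narrowly privileged user.
	agent := Principal{
		ID:     "spiffe://example.org/agent/support-bot",
		Scopes: map[string]bool{"tickets:read": true, "tickets:delete": true},
	}
	user := Principal{ID: "user:alice", Scopes: map[string]bool{"tickets:read": true}}
	auth := &Authorizer{}

	fmt.Println("unsafe delete:  ", auth.AuthorizeDeputyUnsafe(agent, user, "tickets:delete"))
	fmt.Println("hardened delete:", auth.AuthorizeOnBehalfOf(agent, user, "tickets:delete"))
	fmt.Println("hardened read:  ", auth.AuthorizeOnBehalfOf(agent, user, "tickets:read"))
	for _, e := range auth.Trail {
		fmt.Printf("%s agent=%s on_behalf_of=%s action=%s allowed=%v\n",
			e.At.Format(time.RFC3339), e.AgentID, e.OnBehalf, e.Action, e.Allowed)
	}
}
```

The unsafe path allows the delete because the agent itself may delete; the hardened path denies it because Alice may not. Both decisions land in the trail with the agent and the user named, which is the audit record category 9 says is usually missing.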

Securing the Agentic Development Lifecycle

  • Security must be considered throughout the development process, not just in production
  • Risks in the "build and test" phase include:
    • Overreliance on "vibe coding" and AI-assisted development, which can introduce supply chain and security vulnerabilities
    • Lack of security-first mindset, prioritizing speed over security
  • Tools like HCP Vault Radar can help discover and remediate unsecured secrets introduced during development

Identity-Based Security for Agentic Systems

  • Agentic systems require a unique, auditable identity for each agent
  • Dynamic authorization, short-lived credentials, and consent frameworks are critical
  • Kubernetes integration with Vault enables secure, scalable identity and credential management
    • Vault supports dynamic secrets generation, PKI certificate management, and audit logging

Leveraging PKI and TLS/mTLS

  • TLS and mTLS are essential for protecting agentic systems, preventing credential leaks
  • Vault provides a flexible, scalable PKI management solution
    • Automated certificate issuance, revocation, and distribution
    • Support for modern standards like SPIFFE
    • Integration with service meshes for secure inter-service communication
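The two sections above, unique short-lived identities per agent and PKI with SPIFFE for mTLS, come together in one mechanism: an agent's identity is a short-lived X.509 certificate whose SPIFFE ID is carried as a URI SAN, and the mTLS peer verifies chain, validity window and trust domain before accepting it. The following is an added example, not code from the talk and not Vault's API: a tiny in-memory issuing CA (`AgentCA`, a constructed stand-in for the Vault PKI engine) that mints a certificate with a ten-minute TTL for a constructed agent ID, and a `VerifyAgent` check that accepts it now, rejects it after expiry, and rejects an ID from a foreign trust domain.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// AgentCA is a constructed in-memory issuing CA standing in for the Vault PKI
// secrets engine; the chain of trust it roots is what mTLS peers verify.
type AgentCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
	pool *x509.CertPool
}

func NewAgentCA() (*AgentCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "agent-ca"},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &AgentCA{cert: cert, key: key, pool: pool}, nil
}

// IssueAgentCert mints a short-lived leaf certificate whose only identity is a
// SPIFFE ID in a URI SAN, e.g. spiffe://example.org/agent/support-bot. The
// short TTL is the "short-lived credential" the talk calls for.
func (ca *AgentCA) IssueAgentCert(spiffeID string, ttl time.Duration) (*x509.Certificate, error) {
	uri, err := url.Parse(spiffeID)
	if err != nil || uri.Scheme != "spiffe" || uri.Host == "" {
		return nil, errors.New("not a spiffe:// ID")
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()),
		NotBefore:    now.Add(-time.Minute),
		NotAfter:     now.Add(ttl),
		URIs:         []*url.URL{uri},
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyAgent is what an mTLS peer does after the handshake: verify the chain
// and validity window against the trusted roots, then extract the SPIFFE ID
// and require it to belong to the expected trust domain.
func (ca *AgentCA) VerifyAgent(cert *x509.Certificate, trustDomain string, at time.Time) (string, error) {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       ca.pool,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", err
	}
	if len(cert.URIs) != 1 {
		return "", errors.New("expected exactly one SPIFFE ID")
	}
	id := cert.URIs[0]
	if id.Scheme != "spiffe" || id.Host != trustDomain {
		return "", fmt.Errorf("untrusted identity %s", id)
	}
	return id.String(), nil
}

func main() {
	ca, err := NewAgentCA()
	if err != nil {
		panic(err)
	}
	cert, err := ca.IssueAgentCert("spiffe://example.org/agent/support-bot", 10*time.Minute)
	if err != nil {
		panic(err)
	}
	id, err := ca.VerifyAgent(cert, "example.org", time.Now())
	fmt.Println("now:", id, err)
	_, err = ca.VerifyAgent(cert, "example.org", time.Now().Add(time.Hour))
	fmt.Println("one hour later:", err)
}
```

The expiry check is done by passing `CurrentTime` explicitly rather than relying on the wall clock, so the same code can be exercised against both a live and an already-expired credential. In a real deployment the agent would present this certificate as its client certificate in an mTLS handshake and the service mesh or server would run the equivalent of `VerifyAgent` before granting anything.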

Key Takeaways

  • Agentic systems introduce new security challenges, but many can be addressed with core security best practices
  • Identity and credential management are critical, requiring unique agent identities, dynamic authorization, and short-lived secrets
  • Comprehensive audit trails and security-first development practices are essential
  • Leveraging tools like Vault for PKI, secrets management, and identity brokering can help secure agentic systems at scale
