Zero Secrets: Building Secure Infrastructure for AI Agents, by Jonathan Ström

AI agents are becoming increasingly powerful through their ability to use tools: executing shell commands, writing and running code, managing files, and interacting with external systems. But this power comes with a fundamentally new risk profile. Unlike reviewed, deterministic code, an agent's runtime behavior is driven by an LLM, making it susceptible to prompt injection and hallucination. When that agent has ambient access to API keys, database credentials, and cloud secrets, a single crafted injection can turn tool access into full credential exfiltration. Securing these workloads isn't optional; it's an architectural concern that belongs at the infrastructure level.

This talk applies the principle of defense in depth to agent security by comparing three architectural approaches: naïve deployment where the agent inherits all host privileges, MCP-based tool control that provides structured application-layer access, and full sandbox isolation with a control plane for infrastructure-layer containment. Each approach operates at a different layer and addresses different failure modes. Understanding where each one helps and where it falls short is key to building agent infrastructure you can trust in production.

The session includes a live demo of sandboxed agents operating in a zero-trust fashion, with a control plane that manages agent state, mediates all tool access, and enforces permissions centrally. Beyond security, we'll explore how this architecture enables stateless disposable agent instances, independent scaling, and centralized policy enforcement across sessions. You'll walk away with a layered security model applicable to any agent deployment, built on familiar infrastructure patterns.
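To make the "zero secrets" control-plane pattern from the abstract concrete, here is an added example (not code from the talk or the speaker). It assumes a hypothetical `ControlPlane` class that sits between a sandboxed agent and its tools: the agent holds no credentials, every tool call is checked against a per-session allow-list, arguments are validated (here a workspace path check), the call is executed with secrets that stay in the control-plane process, and the output is redacted before it is returned. The tool names, session ids and the vault value are constructed sample data.

```python
"""Minimal "zero secrets" control plane for sandboxed agents (hypothetical example)."""
from __future__ import annotations

import posixpath
import re
from dataclasses import dataclass

# Credentials live only in the control-plane process; the agent never receives them.
# Constructed sample value, not a real token.
_VAULT = {"github_token": "ghp_CONSTRUCTED_SAMPLE_TOKEN"}

WORKSPACE = "/workspace"  # the only directory a sandboxed agent may write to


@dataclass
class ToolRequest:
    session_id: str
    tool: str
    args: dict


@dataclass
class Decision:
    allowed: bool
    reason: str      # "ok" when allowed, otherwise why the request was refused
    result: str = ""  # redacted tool output when allowed


def _redact(text: str) -> str:
    """Defence in depth: even if a tool echoes a secret, strip it before the agent sees it."""
    for secret in _VAULT.values():
        text = text.replace(secret, "[REDACTED]")
    return text


def _in_workspace(path: str) -> bool:
    """Reject traversal: the normalised absolute path must stay under WORKSPACE."""
    full = posixpath.normpath(posixpath.join(WORKSPACE, path))
    return full == WORKSPACE or full.startswith(WORKSPACE + "/")


class ControlPlane:
    """Holds per-session allow-lists, validates arguments and runs tools with the secrets."""

    def __init__(self) -> None:
        self.sessions: dict[str, set[str]] = {}
        self.audit: list[tuple[str, str, bool, str]] = []  # (session, tool, allowed, message)
        self.files: dict[str, str] = {}  # in-memory stand-in for the sandbox filesystem

    def create_session(self, session_id: str, allowed_tools: set[str]) -> None:
        self.sessions[session_id] = set(allowed_tools)

    def handle(self, req: ToolRequest) -> Decision:
        allowed = self.sessions.get(req.session_id)
        if allowed is None:
            return self._record(req, False, "unknown session")
        if req.tool not in allowed:
            return self._record(req, False, f"tool {req.tool!r} not permitted for this session")
        handler = getattr(self, f"_tool_{req.tool}", None)
        if handler is None:
            return self._record(req, False, f"no such tool {req.tool!r}")
        ok, msg = handler(req.args)
        return self._record(req, ok, msg)

    def _record(self, req: ToolRequest, ok: bool, msg: str) -> Decision:
        msg = _redact(msg)  # redact before logging too, so secrets never reach the audit trail
        self.audit.append((req.session_id, req.tool, ok, msg))
        return Decision(ok, "ok" if ok else msg, msg if ok else "")

    # --- tools: executed only inside the control plane -----------------------------------

    def _tool_read_repo(self, args: dict) -> tuple[bool, str]:
        repo = args.get("repo", "")
        if not re.fullmatch(r"[\w.-]+/[\w.-]+", repo):
            return False, "invalid repo name"
        token = _VAULT["github_token"]
        # Simulated upstream call whose output leaks the token, to show the redaction layer.
        return True, f"README of {repo} (fetched with {token})"

    def _tool_write_file(self, args: dict) -> tuple[bool, str]:
        path = args.get("path", "")
        if not _in_workspace(path):
            return False, "path escapes workspace"
        self.files[path] = args.get("content", "")
        return True, f"wrote {path}"


def demo() -> list[Decision]:
    """Drive one session through allowed, denied and out-of-policy requests."""
    cp = ControlPlane()
    cp.create_session("s1", {"read_repo", "write_file"})  # no "shell" tool for this session
    return [
        cp.handle(ToolRequest("s1", "shell", {"cmd": "ls"})),                       # denied: not in policy
        cp.handle(ToolRequest("s1", "read_repo", {"repo": "acme/widgets"})),        # allowed, token redacted
        cp.handle(ToolRequest("s1", "write_file", {"path": "../etc/x", "content": ""})),  # denied: traversal
        cp.handle(ToolRequest("s1", "write_file", {"path": "notes.txt", "content": "hi"})),  # allowed
        cp.handle(ToolRequest("s2", "read_repo", {"repo": "acme/widgets"})),        # denied: unknown session
    ]


if __name__ == "__main__":
    for d in demo():
        print(d)
```

Because the agent instance only ever sees `Decision` objects, it can be discarded and recreated at will: session policy, audit trail and credentials all live in the control plane, which is what makes the disposable, independently scaled agent instances the abstract describes possible.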

Video: Zero Secrets: Building Secure Infrastructure for AI Agents, by Jonathan Ström, from the Jfokus channel