1.9 KiB
1.9 KiB
2026-02-13 - Daily Memory Log
YouTube Summary: Zero Trust in the Age of Agentic AI
Video: https://youtu.be/d8d9EZHU7fw
Topic: Cybersecurity - Securing AI Agent Systems with Zero Trust Principles
Key Concepts
Agentic AI Risks
- AI agents that act (call APIs, buy things, move data, spawn sub-agents) introduce entirely new attack surfaces
- Non-Human Identities (NHIs) - software actors using credentials - proliferate rapidly and need same/more control than human users
Core Zero Trust Principles
- "Never trust, always verify" - verification precedes trust
- Just-in-time access vs. just-in-case (privilege only when needed)
- Principle of least privilege
- Move from perimeter-based security to pervasive controls throughout the system
- Assumption of breach (design assuming attackers are already inside)
Attack Vectors on Agentic Systems
- Direct prompt injection - breaking context to make agents do unauthorized things
- Policy/preference poisoning - manipulating training data or context
- Interface insertion - hijacking MCP calls or tool interfaces
- Credential attacks - stealing/copying NHI credentials to escalate privileges
- Attacks on APIs, data sources, tools, and spawned sub-agents
Zero Trust Solutions for AI
- Unique dynamic credentials for every agent/user stored in vaults (never embedded in code)
- Tool registries with vetted/verified secure APIs only
- AI firewalls/gateways for prompt injection detection and blocking
- Continuous monitoring for data leaks and improper calls
- Just-in-time privilege enforcement with strong authentication
Why It Matters
As AI agents become more autonomous and integrated into systems, traditional perimeter security fails. Zero Trust principles adapted for software actors (NHIs) and agent-to-agent interactions will become critical for securing AI-native infrastructure.
Stored during pre-compaction flush