In 2024, we secured the input (Prompt Injection). In 2025, we secured the output (Hallucinations and Data Leakage). In 2026, we must secure the action.
As organizations move from passive "Chatbots" to "Autonomous Agents" capable of browsing the web, accessing databases, and executing transactions, the attack surface has shifted from text manipulation to unauthorized systemic agency. This session provides security leaders with a strategic framework for governing "Agentic Loops." We will move beyond the OWASP Top 10 for LLMs to address the "Three Pillars of Agentic Risk": Delegated Authority, Execution Sandbox Integrity, and Non-Deterministic Logic.
Attendees will leave with a leadership blueprint for deploying autonomous systems that are "Secure by Agency," ensuring that as AI gets more independent, our security oversight remains absolute.
Learning Objectives
* Define the "Agentic Shift": Understand the architectural difference between a retrieval-augmented generation (RAG) chatbot and a tool-use autonomous agent.
* Architectural Guardrails: Learn how to implement "Human-in-the-loop" (HITL) triggers for high-risk autonomous actions without bottlenecking productivity.
* Identity for AI: Establish a framework for Machine Identity Management—how to assign, audit, and revoke permissions for AI agents as if they were employees.
* The Kill-Switch Protocol: Develop a crisis management plan for "runaway" agents that begin executing recursive, high-cost, or destructive loops.
The "Agentic Risk" Hierarchy
| Level | Capability | Primary Security Risk | Leadership Priority |
|---|---|---|---|
| Level 1 | Read-Only (Chat) | Data Exfiltration / PI Leakage | Data Governance |
| Level 2 | Tool Use (API) | Indirect Prompt Injection | API Scoping & Auth |
| Level 3 | Autonomous (Agent) | Unauthorized Systemic Action | Agentic Governance |
Detailed Session Outline
I. The Death of the Chatbox (5 mins)
* Why "Chatting" was just the training wheels for AI.
* The rise of Agentic AI in 2026: Agents that book travel, write code, and manage cloud infrastructure.
II. The New Threat Landscape: Beyond Prompt Injection (10 mins)
* Recursive Loops: When an agent gets stuck in a logic trap that drains API credits or compute.
* Escalated Agency: How an agent with "Limited" access can be manipulated into "Full" admin actions via multi-step social engineering.
III. The Leadership Framework: "Secure by Agency" (20 mins)
* The Sandbox Requirement: Why agents must live in ephemeral, isolated environments.
* The Principle of Least Agency: Designing agents that only have the "tools" strictly necessary for the task.
* The Auditability Gap: Moving from text logs to "Action Logs"—recording every click and API call an AI makes.
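The controls named above (the HITL trigger and kill-switch from the learning objectives, the runaway-loop threat in section II, and least agency plus action logs in section III) collapse naturally into one enforcement point between an agent's planner and its tools. The gateway below is an added illustration in Python, not code from this session or its speaker; the class names, the sample tools (lookup_order, issue_refund, drop_table), the agent identity and the numeric thresholds are all hypothetical, and the scenario input is constructed for the example.

```python
import json
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List


@dataclass(frozen=True)
class Tool:
    name: str
    high_risk: bool                 # high-risk tools need a human approval before they run
    fn: Callable[..., object]


@dataclass(frozen=True)
class AgentIdentity:
    """Hypothetical machine identity: the agent is scoped like an employee account."""
    agent_id: str
    allowed_tools: FrozenSet[str]   # least agency: explicit per-agent tool allowlist
    max_calls: int = 20             # kill-switch: total call budget for the session
    max_repeat: int = 3             # kill-switch: identical calls tolerated before halting


class ToolDenied(PermissionError):
    """Tool is outside the agent's allowlist."""


class ApprovalRequired(RuntimeError):
    """High-risk call parked until a human approves it (HITL trigger)."""


class AgentHalted(RuntimeError):
    """Agent tripped the runaway-loop breaker and is frozen."""


class ToolGateway:
    """Chokepoint between planner and tools. Every attempt, allowed or not, is appended
    to action_log, so the audit record is of actions rather than of chat text."""

    def __init__(self, tools: List[Tool], approver: Callable[[AgentIdentity, str, dict], bool]):
        self.tools: Dict[str, Tool] = {t.name: t for t in tools}
        self.approver = approver            # HITL hook; a real one would page a person
        self.action_log: List[dict] = []
        self._calls: Counter = Counter()    # calls per agent (budget)
        self._repeats: Counter = Counter()  # identical (agent, tool, args) signatures
        self.halted: set = set()

    def _log(self, agent: AgentIdentity, tool: str, args: dict, outcome: str) -> None:
        self.action_log.append({"agent": agent.agent_id, "tool": tool,
                                "args": json.dumps(args, sort_keys=True), "outcome": outcome})

    def call(self, agent: AgentIdentity, tool: str, **args):
        if agent.agent_id in self.halted:
            self._log(agent, tool, args, "rejected:agent_halted")
            raise AgentHalted(agent.agent_id)

        # 1. Kill-switch: count every attempt first, so a loop of denied calls still trips it.
        self._calls[agent.agent_id] += 1
        sig = (agent.agent_id, tool, json.dumps(args, sort_keys=True))
        self._repeats[sig] += 1
        if self._calls[agent.agent_id] > agent.max_calls or self._repeats[sig] > agent.max_repeat:
            self.halted.add(agent.agent_id)
            self._log(agent, tool, args, "halted:runaway_loop")
            raise AgentHalted(agent.agent_id)

        # 2. Least agency: the allowlist is checked before the tool is even resolved.
        if tool not in agent.allowed_tools or tool not in self.tools:
            self._log(agent, tool, args, "denied:not_in_allowlist")
            raise ToolDenied(f"{agent.agent_id} may not call {tool}")

        # 3. HITL trigger: high-risk tools execute only with a human's approval.
        spec = self.tools[tool]
        if spec.high_risk and not self.approver(agent, tool, args):
            self._log(agent, tool, args, "pending:human_approval")
            raise ApprovalRequired(tool)

        result = spec.fn(**args)
        self._log(agent, tool, args, "ok")
        return result


# Constructed sample tools and agent; nothing here touches a real system.
def lookup_order(order_id: str) -> dict:
    return {"order_id": order_id, "total": 42.0}

def issue_refund(order_id: str, amount: float) -> str:
    return f"refunded {amount} on {order_id}"

def drop_table(name: str) -> str:
    return f"dropped {name}"

TOOLS = [Tool("lookup_order", False, lookup_order),
         Tool("issue_refund", True, issue_refund),
         Tool("drop_table", True, drop_table)]

SUPPORT_AGENT = AgentIdentity("support-agent-01",
                              frozenset({"lookup_order", "issue_refund"}),
                              max_calls=10, max_repeat=2)


def run_scenario(approve_refunds: bool = False) -> List[str]:
    """Drive one agent through the gateway and return the logged outcome of each attempt."""
    gw = ToolGateway(TOOLS, approver=lambda agent, tool, args: approve_refunds)
    steps = [
        ("lookup_order", {"order_id": "A100"}),                  # allowed, low risk
        ("issue_refund", {"order_id": "A100", "amount": 42.0}),  # high risk: HITL gate
        ("drop_table", {"name": "orders"}),                      # not in allowlist
        ("lookup_order", {"order_id": "A100"}),                  # 2nd identical call
        ("lookup_order", {"order_id": "A100"}),                  # 3rd: breaker trips
        ("lookup_order", {"order_id": "A101"}),                  # agent already frozen
    ]
    outcomes = []
    for tool, args in steps:
        try:
            gw.call(SUPPORT_AGENT, tool, **args)
        except (ToolDenied, ApprovalRequired, AgentHalted):
            pass
        outcomes.append(gw.action_log[-1]["outcome"])
    return outcomes


if __name__ == "__main__":
    print(run_scenario())
```

The ordering matters: attempts are counted before the allowlist is consulted, so an agent looping on a forbidden tool still exhausts its budget and is frozen, and the approver is consulted only after both cheaper checks pass. In a deployment the approver would be an asynchronous ticket or chat prompt, and `action_log` would be shipped to the same SIEM as human user activity.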
IV. Case Study: The Global Scale Perspective (5 mins)
* Lessons learned from managing security releases and vulnerability programs at a global scale.
* Scaling agentic oversight across distributed teams (e.g., US and India-based centers).
V. Closing: The 90-Day Agentic Roadmap (5 mins)
* Immediate steps for CSOs to inventory "Shadow Agents" within their organizations.
Speaker Bio
Kavia Venkatesh is a seasoned Product Security leader with over a decade of experience securing global platforms at scale. Currently serving as a Director of Product Security, she specializes in building resilient security cultures and managing complex M&A integrations. With a background that includes leading security releases for Android OS at Google and building vulnerability management programs at Microsoft and Twilio, Kavia brings a unique, "front-line" perspective to the challenges of AI governance. She is a frequent speaker at DEFCON and BSides and is a graduate of the Stanford LEAD Program.