
Agentic AI Threat Modeling - Part I

✨ Agentic AI Threat Modeling ✨

Agents, Agents, Agents .... they are everywhere, or at least it seems so.
We all want to deploy them, leverage their capabilities, or not feel left out. (FOMO) 👀

👉 Well, regardless of where you fall in this distribution, securing agents will become important sooner or later, so adding it to your plan doesn't hurt! And threat modeling AI agents is an area that affords deep insights.

FACT -> Most security folks don't need to go down the agentic architecture rabbit hole ... but it is imperative to grasp enough knowledge to get the job done. 👍

🤺 Thankfully, the OWASP GenAI Security Project folks recently released a document that provides unbeatable knowledge around agentic security -> "Agentic AI - Threats and Mitigations". You don't want to miss out; head over for your free copy -> https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/

The publication's example agentic threat model has 15 threats (T1 - T15). I summarized the first four in the attached document with additional references, including mitigations.

Please have a look and let me know your thoughts. 🙌

Which security use cases of AI agents excite you most?
How do you secure the agents you use today?

Kennedy Torkura

April 04, 2025
Transcript

  1. Agentic AI Threat Modeling Part I. @run2obtain. Excerpts from "Agentic AI - Threats & Mitigations" (OWASP GenAI Security Project).
  2. Agentic Threat Modeling Summary. Source: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/. T1 - T4 are discussed in the next slides (description and mitigations). The remaining threats (T5 - T15) will be covered in the upcoming parts, watch out!
  3. T1: Memory Poisoning. Description: Memory poisoning involves exploiting an AI's memory systems, both short- and long-term, to introduce malicious or false data and exploit the agent's context. This can lead to altered decision-making and unauthorized operations. Reference: https://billchan226.github.io/AgentPoison.html
  4. T1: Memory Poisoning. Mitigations:
     - Memory content validation
     - Session isolation
     - Robust authentication mechanisms for memory access
     - Anomaly detection systems
     - Regular memory sanitization routines
     - Require AI-generated memory snapshots for forensic analysis and rollback if anomalies are detected
  5. T2: Tool Misuse. Description: Tool misuse occurs when attackers manipulate AI agents to abuse their integrated tools through deceptive prompts or commands, operating within authorized permissions. This includes agent hijacking. Reference: https://www.linkedin.com/feed/update/urn:li:activity:7311147680393539586/
  6. T2: Tool Misuse. Mitigations:
     - Enforce strict tool access verification
     - Monitor tool usage patterns
     - Validate agent instructions, and set clear operational boundaries to detect and prevent misuse
     - Implement execution logs that track AI tool calls for anomaly detection and post-incident review
  7. T3: Privilege Compromise. Description: Privilege compromise arises when attackers exploit weaknesses in permission management to perform unauthorized actions. This often involves dynamic role inheritance or misconfigurations. An example is the confused deputy attack. Reference: https://www.linkedin.com/feed/update/urn:li:activity:7311900565431635968/
  8. T3: Privilege Compromise. Mitigations:
     - Implement granular permission controls, dynamic access validation, robust monitoring of role changes, and thorough auditing of elevated privilege operations
     - Prevent cross-agent privilege delegation unless explicitly authorized through predefined workflows
  9. T4: Resource Overload. Description: Resource overload targets the computational, memory, and service capacities of AI systems to degrade performance or cause failures, exploiting their resource-intensive nature. Attackers can intentionally trigger resource overload to maliciously disrupt normal operations. Reference: https://arxiv.org/pdf/2403.16971 (AIOS: LLM Agent Operating System)
  10. T4: Resource Overload. Mitigations:
     - Deploy resource management controls, implement adaptive scaling mechanisms, establish quotas, and monitor system load in real time to detect and mitigate overload attempts
     - Implement AI rate-limiting policies to restrict high-frequency task requests per agent session
     - Test your agents to understand operational limits and make the necessary adjustments
  11. Watch out for Part II ... meanwhile, check out how Mitigant secures GenAI workloads: https://www.mitigant.io/en/platform/security-for-genai. Attack Emulation for Amazon Bedrock.
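As an added illustration of the T1 mitigations on slide 4 (example code written for this page, not from the OWASP document or from Mitigant): a session-isolated agent memory that validates content before it is written, takes digest-stamped snapshots, and rolls back to a snapshot once anomaly detection flags the session. The instruction-like pattern, the length limit, and the sample entries are constructed assumptions.

```python
import copy
import hashlib
import re

# Constructed validation rule (assumed for this example, not from the OWASP
# document): entries that read like instructions to the agent are rejected.
INSTRUCTION_PATTERN = re.compile(r"\b(ignore (all|previous) instructions|you must|system prompt)\b", re.I)
MAX_ENTRY_LEN = 500

class AgentMemory:
    """Session-isolated agent memory with validation, snapshots and rollback (T1)."""

    def __init__(self):
        self._sessions = {}    # session_id -> entries; one session never sees another
        self._snapshots = {}   # session_id -> [(sha256 digest, deep copy)] for rollback

    def _entries(self, session_id):
        return self._sessions.setdefault(session_id, [])

    def validate(self, text):
        if not isinstance(text, str) or not text.strip():
            return "reject:empty"
        if len(text) > MAX_ENTRY_LEN:
            return "reject:too-long"
        if INSTRUCTION_PATTERN.search(text):
            return "reject:instruction-like"
        return "ok"

    def remember(self, session_id, text, source):
        verdict = self.validate(text)          # content validation before any write
        if verdict == "ok":
            self._entries(session_id).append({"text": text, "source": source})
        return verdict

    def recall(self, session_id):
        return [e["text"] for e in self._entries(session_id)]

    def snapshot(self, session_id):
        # The digest doubles as a forensic reference point for the snapshot
        entries = copy.deepcopy(self._entries(session_id))
        digest = hashlib.sha256(repr(entries).encode()).hexdigest()
        self._snapshots.setdefault(session_id, []).append((digest, entries))
        return digest

    def rollback(self, session_id, digest):
        # Called when anomaly detection flags the session's memory
        for d, entries in self._snapshots.get(session_id, []):
            if d == digest:
                self._sessions[session_id] = copy.deepcopy(entries)
                return True
        return False
```

Note that the pattern check is only a first filter: the poisoned policy entry in the test passes validation and is only undone by the rollback, which is why the snapshot-and-rollback control sits alongside validation rather than replacing it.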
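As an added illustration of the T2, T3 and T4 mitigations on slides 6, 8 and 10 (example code written for this page, not from the OWASP document or from Mitigant): a single enforcement point that every agent tool call passes through, with a per-role tool allow-list, cross-agent delegation permitted only through predefined workflows, a per-session sliding-window rate limit, and an execution log for anomaly detection and post-incident review. The roles, tools, workflows and limits are constructed assumptions.

```python
import time
from collections import defaultdict, deque

# Constructed policy: which tools each agent role may call (T2/T3: strict tool
# access verification, granular permissions). Roles and tools are hypothetical.
TOOL_POLICY = {
    "support-agent": {"search_kb", "create_ticket"},
    "billing-agent": {"search_kb", "issue_refund"},
}
# Predefined workflows in which one agent may hand work to another (T3).
ALLOWED_DELEGATIONS = {("support-agent", "billing-agent")}

class ToolGate:
    """Single enforcement point that every agent tool call must pass through."""

    def __init__(self, max_calls_per_window=5, window_seconds=60.0, clock=time.monotonic):
        self.max_calls = max_calls_per_window
        self.window = window_seconds
        self.clock = clock                 # injectable for deterministic tests
        self.calls = defaultdict(deque)    # session_id -> call timestamps (T4)
        self.log = []                      # execution log of every decision (T2)

    def authorize(self, session_id, agent_role, tool, delegated_from=None):
        now = self.clock()
        verdict = self._decide(session_id, agent_role, tool, delegated_from, now)
        self.log.append({"ts": now, "session": session_id, "agent": agent_role,
                         "tool": tool, "delegated_from": delegated_from,
                         "verdict": verdict})
        return verdict

    def _decide(self, session_id, agent_role, tool, delegated_from, now):
        # T3: cross-agent delegation only through a predefined workflow
        if delegated_from is not None and (delegated_from, agent_role) not in ALLOWED_DELEGATIONS:
            return "deny:delegation"
        # T2/T3: the tool must be on this role's own allow-list; nothing is inherited
        if tool not in TOOL_POLICY.get(agent_role, set()):
            return "deny:tool"
        # T4: sliding-window rate limit per agent session
        window = self.calls[session_id]
        while window and now - window[0] > self.window:
            window.popleft()
        if len(window) >= self.max_calls:
            return "deny:rate"
        window.append(now)
        return "allow"

def denied_calls(gate):
    """Feed for anomaly detection and post-incident review: all denied decisions."""
    return [entry for entry in gate.log if entry["verdict"] != "allow"]
```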