Agentic Security Runtime secures AI agents by using dynamic, time-bound credentials and integrating user identity through OAuth 2.0 to ensure least-privilege access and strong authentication. For sensitive operations, it employs out-of-band user approval via CIBA, protecting against unauthorized actions and enhancing the overall security of AI deployments in organizations.
The video discusses the concept of agentic runtime security, focusing on securing AI agents used within organizations. AI agents, which can be built using various programming languages like Python, TypeScript, .NET, or Java, typically run in cloud environments such as AWS Lambda, virtual machines, or containers. These agents need to connect externally to resources like databases, large language model (LLM) providers, or SaaS applications. The key security challenge is governing access to these external connections safely, avoiding traditional static credentials like hardcoded API keys or database passwords.
Instead of static credentials, the recommended approach is to use dynamic credentials that are created just-in-time during each session. These credentials are time-bound and automatically revoked once the session ends, minimizing the risk of misuse if the AI agent is compromised, for example, through prompt injection or jailbreaking. This dynamic, session- and intent-bound access ensures that the AI agent only has the minimum necessary permissions for the specific action it is performing at that moment, reducing standing privileges that could be exploited.
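The just-in-time credential pattern described above, as an added illustration that is not code from the video: a small in-memory broker mints a credential bound to one session, one resource and one intended action, with a short TTL, and revokes everything minted for the session when it ends. The broker, the `hr-db` / `payroll-api` resource names and the session identifiers are constructed for the example; a real agent would obtain such credentials from a secrets manager or token vault instead.

```python
"""Just-in-time, session- and intent-bound credentials for an AI agent.

Added example, not code from the video. The broker, resource names and
session ids are constructed stand-ins for a secrets manager / token vault.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Credential:
    token: str
    resource: str        # the one resource this credential may reach
    action: str          # the one intent it is bound to
    session_id: str
    expires_at: float
    revoked: bool = False

    def is_valid(self, now=None) -> bool:
        now = time.time() if now is None else now
        return not self.revoked and now < self.expires_at


class CredentialBroker:
    """Issues short-lived credentials and revokes them when a session ends."""

    def __init__(self, ttl_seconds: float = 60.0):
        self.ttl = ttl_seconds
        self._issued: dict[str, Credential] = {}

    def issue(self, session_id, resource, action, now=None) -> Credential:
        now = time.time() if now is None else now
        cred = Credential(
            token=secrets.token_urlsafe(32),
            resource=resource,
            action=action,
            session_id=session_id,
            expires_at=now + self.ttl,
        )
        self._issued[cred.token] = cred
        return cred

    def authorize(self, token, resource, action, now=None) -> bool:
        """Resource-side check: the token must be live and bound to exactly
        this resource and this action, so it cannot be reused for another intent."""
        cred = self._issued.get(token)
        if cred is None or not cred.is_valid(now):
            return False
        return cred.resource == resource and cred.action == action

    def end_session(self, session_id) -> int:
        """Revoke every credential minted for the session; return how many."""
        count = 0
        for cred in self._issued.values():
            if cred.session_id == session_id and not cred.revoked:
                cred.revoked = True
                count += 1
        return count


def demo(now=1_000_000.0):
    """Walk one session through issue, use, misuse attempts, expiry and revocation."""
    broker = CredentialBroker(ttl_seconds=60)
    cred = broker.issue("sess-1", "hr-db", "read_employee", now=now)
    results = {
        "same_intent": broker.authorize(cred.token, "hr-db", "read_employee", now=now),
        "other_intent": broker.authorize(cred.token, "hr-db", "delete_employee", now=now),
        "other_resource": broker.authorize(cred.token, "payroll-api", "read_employee", now=now),
        "expired": broker.authorize(cred.token, "hr-db", "read_employee", now=now + 61),
    }
    results["revoked_count"] = broker.end_session("sess-1")
    results["after_session_end"] = broker.authorize(cred.token, "hr-db", "read_employee", now=now)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the `authorize` check is that a credential leaked mid-session (for example through prompt injection) is useless for any other resource or action, and is dead once the session ends or the TTL passes.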
User identity plays a crucial role in this security model since AI agents are often used by human users interacting through web interfaces over HTTP. To manage user authentication and authorization, the AI agent integrates with an Identity Provider (IdP) such as Okta or IBM Verify. This integration typically leverages OAuth 2.0 Authorization Code Flow, a widely adopted standard that enables secure single sign-on and delegated access. Through this, the AI agent can understand who the user is and enforce access controls based on their identity and context.
For sensitive operations—such as onboarding or offboarding employees in an HR application—additional security measures are necessary. The video recommends using OAuth 2.0 Client-Initiated Backchannel Authentication (CIBA), which prompts the user on their phone outside the browser context to approve or deny the action. This out-of-band authentication adds a strong layer of protection against unauthorized or malicious commands, such as those that might arise from prompt injection attacks, by requiring explicit user consent for high-risk operations.
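The CIBA exchange described above, as an added example that is not code from the video. Both sides are shown: the agent initiates a backchannel authentication request for the user, the IdP pushes the decision to the user's phone, and the agent polls the token endpoint at the IdP-specified interval, executing the sensitive action only if an access token comes back. The in-memory `SimulatedIdP`, the `hr-agent` client id, the `hr:offboard` scope and the offboarding action are constructed stand-ins; the message field names (`auth_req_id`, `interval`, `expires_in`, the `urn:openid:params:grant-type:ciba` grant type and the `authorization_pending` / `access_denied` / `expired_token` errors) follow the OpenID Connect CIBA Core 1.0 specification. A simulated clock replaces real sleeps so the flow runs instantly.

```python
"""Out-of-band approval of a sensitive agent action with OAuth 2.0 / OIDC CIBA.

Added example, not code from the video. The in-memory IdP, client id, scope
and user are constructed; field names follow the CIBA Core 1.0 spec.
"""
import secrets

CIBA_GRANT = "urn:openid:params:grant-type:ciba"


class SimulatedIdP:
    """Stands in for the IdP's backchannel authentication endpoint, the
    approve/deny prompt on the user's phone, and the token endpoint."""

    def __init__(self, interval=5, expires_in=120):
        self.interval = interval        # seconds the client must wait between polls
        self.expires_in = expires_in    # lifetime of the auth_req_id
        self._requests = {}             # auth_req_id -> request record

    def backchannel_authenticate(self, client_id, login_hint, scope, binding_message, now):
        req_id = secrets.token_urlsafe(16)
        self._requests[req_id] = {
            "client_id": client_id, "user": login_hint, "scope": scope,
            "binding_message": binding_message, "created": now, "state": "pending",
        }
        return {"auth_req_id": req_id, "expires_in": self.expires_in, "interval": self.interval}

    def user_decides(self, auth_req_id, approve: bool):
        """The push notification on the user's phone resolves the request."""
        self._requests[auth_req_id]["state"] = "approved" if approve else "denied"

    def token(self, grant_type, auth_req_id, now):
        if grant_type != CIBA_GRANT:
            return {"error": "unsupported_grant_type"}
        req = self._requests.get(auth_req_id)
        if req is None:
            return {"error": "invalid_grant"}
        if now - req["created"] > self.expires_in:
            return {"error": "expired_token"}
        if req["state"] == "pending":
            return {"error": "authorization_pending"}
        if req["state"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "scope": req["scope"], "expires_in": 60}


def run_sensitive_action(idp, user, action, decision, decide_after_polls=2, start=0):
    """Agent side: start CIBA, poll at the IdP's interval, act only on a token.

    `decision` simulates the user's phone: True approves, False denies,
    None never answers (the request then expires at the IdP).
    """
    resp = idp.backchannel_authenticate(
        client_id="hr-agent", login_hint=user, scope="hr:offboard",
        binding_message=f"Agent requests: {action}", now=start)
    req_id, interval = resp["auth_req_id"], resp["interval"]
    now, polls = start, 0
    while True:
        now += interval                       # respect the polling interval
        polls += 1
        if polls == decide_after_polls and decision is not None:
            idp.user_decides(req_id, decision)
        tok = idp.token(CIBA_GRANT, req_id, now)
        if "access_token" in tok:
            return {"outcome": "executed", "polls": polls}   # action runs with the token
        if tok["error"] == "authorization_pending":
            continue
        return {"outcome": tok["error"], "polls": polls}     # denied or expired: do nothing


if __name__ == "__main__":
    print(run_sensitive_action(SimulatedIdP(), "alice@example.test", "offboard_employee", True))
    print(run_sensitive_action(SimulatedIdP(), "alice@example.test", "offboard_employee", False))
    print(run_sensitive_action(SimulatedIdP(), "alice@example.test", "offboard_employee", None))
```

The `binding_message` is what the user sees on the phone, so it should name the concrete action being approved; an injected instruction that tries to offboard an employee still surfaces to the human before anything happens.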
Finally, the integration of dynamic credentials, OAuth 2.0, and CIBA is implemented directly within the AI agent’s codebase. The agent evaluates JSON Web Tokens (JWTs), generates and uses dynamic credentials for resource access, and revokes them automatically after use. This comprehensive approach to agentic runtime security ensures that AI agents operate with the least privilege necessary, maintain strong user authentication, and protect sensitive actions, thereby enhancing the overall security posture of AI deployments in organizations.
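The JWT evaluation step named above (for the tokens the agent receives after the Authorization Code Flow), as an added example that is not code from the video. It pins the expected algorithm, verifies the signature with a constant-time comparison, and checks issuer, audience and expiry before any claim is trusted. The signing key, the `https://idp.example` issuer, the `hr-agent` audience and the user claims are constructed for the demo; HS256 with a shared secret is used so the block runs on the standard library alone, whereas an agent validating IdP-issued tokens would verify an RS256/ES256 signature against the IdP's published JWKS.

```python
"""Evaluating a JWT inside the agent before acting on a request.

Added example, not code from the video. Key, issuer, audience and claims
are constructed; HS256 is used only so the block needs no third-party library.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-do-not-reuse"
EXPECTED_ISS = "https://idp.example"   # placeholder issuer
EXPECTED_AUD = "hr-agent"              # this agent's client_id


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint(claims: dict, key=SECRET, alg="HS256") -> str:
    """Issue a token (playing the IdP here) so the validator has input."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{body}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{body}.{_b64url(sig)}"


def evaluate(token: str, now=None, key=SECRET):
    """Return (ok, claims) on success or (False, reason); every failure is a hard reject."""
    now = time.time() if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
    except ValueError:
        return False, "malformed"
    # Pin the algorithm; the token never gets to choose (rejects alg=none downgrades).
    if header.get("alg") != "HS256":
        return False, "unexpected_alg"
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        return False, "bad_signature"
    if claims.get("iss") != EXPECTED_ISS:
        return False, "wrong_issuer"
    aud = claims.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong_audience"
    if "exp" not in claims or now >= claims["exp"]:
        return False, "expired"
    return True, claims


def demo(now=1_700_000_000):
    """A valid token plus the common ways a token fails evaluation."""
    good = mint({"iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "sub": "alice",
                 "scope": "hr:read", "exp": now + 300})
    # Forgery attempt: change a claim but keep the original signature.
    h, p, s = good.split(".")
    forged_claims = json.loads(_b64url_decode(p))
    forged_claims["sub"] = "mallory"
    forged = f"{h}.{_b64url(json.dumps(forged_claims).encode())}.{s}"
    return {
        "valid": evaluate(good, now)[0],
        "subject": evaluate(good, now)[1]["sub"],
        "expired": evaluate(good, now + 301)[1],
        "tampered": evaluate(forged, now)[1],
        "alg_none": evaluate(mint({"iss": EXPECTED_ISS, "aud": EXPECTED_AUD,
                                   "exp": now + 300}, alg="none"), now)[1],
        "wrong_aud": evaluate(mint({"iss": EXPECTED_ISS, "aud": "other-app",
                                    "exp": now + 300}), now)[1],
        "garbage": evaluate("not.a.jwt", now)[1],
    }


if __name__ == "__main__":
    print(demo())
```

Only after `evaluate` returns `True` should the agent read `sub` and `scope` to decide which dynamic credential to request on the user's behalf.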