Dealing with increasingly complicated agents

182 snips

Oct 16, 2025

Donato Capitella, a Principal Security Consultant at ReverseSec, shares his insights into the evolving landscape of AI and security. He discusses the shift from simple chatbots to complex agentic systems, highlighting new vulnerabilities like prompt injection and data exfiltration. Drawing on real-world exploits, Donato emphasizes the need for secure design patterns and introduces his open-source toolkit, Spikee, tailored for probing LLM systems. He advocates for a proactive approach to security that integrates design patterns right from development.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Agentic Workflows Are Becoming The Norm

Agentic systems are now common: LLMs calling external tools form loops and orchestrators.
Donato warns this shift turns many apps into agentic workflows with more attack surface.

INSIGHT

Tools Become Public Attack Surfaces

Any tool exposed to an LLM is effectively exposed to anyone who can control LLM input.
Donato stresses that internal APIs turned into tools create new internet-facing attack surfaces.

ADVICE

Enforce Deterministic Authorization For Tools

Enforce deterministic, non-LLM authorization for tool calls and identity passing.
Do not rely on the LLM to decide whether a function can be called in a given context.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

As AI systems move from simple chatbots to complex agentic workflows, new security risks emerge. In this episode, Donato Capitella unpacks how increasingly complicated architectures are making agents fragile and vulnerable. These agents can be exploited through prompt injection, data exfiltration, and tool misuse. Donato shares stories from real-world penetration tests, the design patterns for building LLM agents and explains how his open-source toolkit Spikee (Simple Prompt Injection Kit for Evaluation and Exploitation) is helping red teams probe AI systems.

Featuring:

Donato Capitella – LinkedIn, X
Chris Benson – Website, LinkedIn, Bluesky, GitHub, X
Daniel Whitenack – Website, GitHub, X

Links:

Reversec

Sponsors:

Outshift by Cisco - The open source collective building the Internet of Agents. Backed by Outshift by Cisco, AGNTCY gives developers the tools to build and deploy multi-agent software at scale. Identity, communication protocols, and modular workflows—all in one global collaboration layer. Start building at AGNTCY.org.
Shopify – The commerce platform trusted by millions. From idea to checkout, Shopify gives you everything you need to launch and scale your business—no matter your level of experience. Build beautiful storefronts, market with built-in AI tools, and tap into the platform powering 10% of all U.S. eCommerce. Start your one-dollar trial at shopify.com/practicalai
Fabi.ai - The all-in-one data analysis platform for modern teams. From ad hoc queries to advanced analytics, Fabi lets you explore data wherever it lives—spreadsheets, Postgres, Snowflake, Airtable and more. Built-in Python and AI assistance help you move fast, then publish interactive dashboards or automate insights delivered straight to Slack, email, spreadsheets or wherever you need to share it. Learn more and get started for free at fabi.ai

Upcoming Events:

Join us at the Midwest AI Summit on November 13 in Indianapolis to hear world-class speakers share how they’ve scaled AI solutions. Don’t miss the AI Engineering Lounge, where you can sit down with experts for hands-on guidance. Reserve your spot today!
Register for upcoming webinars here!