The MLSecOps Podcast

Autonomous Agents Beyond the Hype

May 14, 2025
Gavin Klondike, a security practitioner and educator known for his hands-on AI agent workshops, dives into the intricate world of autonomous AI agents. He explains how these agents function and the threat models they present. Discussion includes lock-down strategies for APIs and least privilege access to secure them. Gavin highlights the risks of prompt injection and the potential pitfalls of inflated marketing hype surrounding agent adoption. He also shares practical workflows that enhance productivity through ETL-style pipelines.
INSIGHT

Agents Multiply Attack Surfaces

  • Agents change attack paths from direct to indirect, because the agent calls other systems on the user's behalf.
  • That multiplies the impact of prompt injection and of other vulnerabilities those systems already have.
ADVICE

Follow Bug Bounty Research

  • Monitor bug bounty research and active exploit reports to learn real agent vulnerabilities.
  • Use curated findings from researchers who are financially motivated to break systems to improve your defenses.
ADVICE

Harden APIs And Data Access

  • Apply the principle of least privilege to every API and data store an LLM can reach.
  • Authenticate and authorize out of band (not via the model's output), and pen-test your APIs and vector databases as you would any other service.