AI systems often have poor judgment, and the security domain is playing catch-up with the rapid evolution of AI agents and protocols.
Application developers should focus on mitigating sensitive information disclosure and excessive agency, as these have a large attack surface under their control.
Traditional role-based access control (RBAC) is insufficient for RAG systems due to dynamic context and complex data relationships, necessitating a fine-grained authorization (FGA) approach.
OpenFGA uses authorization models and relationship tuples to filter documents from a vector store, ensuring the LLM only receives data the user is permitted to see.
Control an AI agent's tool access at the code level using zero trust principles, applying standard RBAC for simple cases and FGA for granular, user-dependent permissions.
Use OAuth 2.0 federation to allow AI agents to call third-party APIs on a user's behalf without handling raw credentials, using a broker to manage access tokens.
Implement human-in-the-loop approvals for high-stakes actions by using the CIBA flow to send asynchronous authorization requests to users for confirmation.
A live demo showcases step-up authorization where an agent requests user consent before accessing sensitive data, followed by an overview of the application's architecture.
ROSEN Technology and Research Center GmbH
Lingen (Ems), Germany
29:00Alex Soto
24:33Maish Saidel-Keesing
26:47Alejandro Saucedo
56:27Luke Hinds
30:36Mackenzie Jackson
29:03Jörg Neumann
28:27PJ Hagerty
24:12Brad Axen
Jobs that call for the skills explored in this talk.
StaffRight Associates
Collaboration Betters The World GmbH
OpenAI Inc.
New York, United States of America
