Deepu
Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue
#1about 4 minutes
Understanding the current state of AI security challenges
AI systems often have poor judgment, and the security domain is playing catch-up with the rapid evolution of AI agents and protocols.
#2about 3 minutes
Focusing on key OWASP Top 10 risks for developers
Application developers should focus on mitigating sensitive information disclosure and excessive agency, as these have a large attack surface under their control.
#3about 3 minutes
Why traditional RBAC fails for RAG systems
Traditional role-based access control (RBAC) is insufficient for RAG systems due to dynamic context and complex data relationships, necessitating a fine-grained authorization (FGA) approach.
#4about 5 minutes
Implementing OpenFGA to secure RAG data access
OpenFGA uses authorization models and relationship tuples to filter documents from a vector store, ensuring the LLM only receives data the user is permitted to see.
#5about 2 minutes
Mitigating excessive agency with zero trust tool access
Control an AI agent's tool access at the code level using zero trust principles, applying standard RBAC for simple cases and FGA for granular, user-dependent permissions.
#6about 1 minute
Securing third-party API calls using OAuth federation
Use OAuth 2.0 federation to allow AI agents to call third-party APIs on a user's behalf without handling raw credentials, using a broker to manage access tokens.
#7about 1 minute
Adding human guardrails with asynchronous authorization
Implement human-in-the-loop approvals for high-stakes actions by using the CIBA flow to send asynchronous authorization requests to users for confirmation.
#8about 5 minutes
Demoing step-up authorization and system architecture
A live demo showcases step-up authorization where an agent requests user consent before accessing sensitive data, followed by an overview of the application's architecture.
Related jobs
Jobs that call for the skills explored in this talk.
IGEL Technology GmbH
Bremen, Germany
Senior
Java
IT Security
Wilken GmbH
Ulm, Germany
Senior
Amazon Web Services (AWS)
Kubernetes
+1
Matching moments
05:16 MIN
Addressing security risks and guardrails for agentic AI
Unlocking Value from Data: The Key to Smarter Business Decisions-
03:42 MIN
Addressing the security challenges of AI agents
API‑First: How Twilio Designs for Developers - Justin Kitagawa (Twilio)
02:46 MIN
Overcoming legal and security roadblocks for AI adoption
The AI Skills Gap: What Tech Leaders Must Get Right
03:19 MIN
The overlooked security risks of AI and LLMs
WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking
07:10 MIN
Managing the fear, accountability, and risks of AI
Collaborative Intelligence: The Human & AI Partnership
16:49 MIN
Q&A on AI adoption, tools, and challenges
Navigating the AI Wave in DevOps
01:47 MIN
Evaluating the security risks of third-party AI agents
GenAI Security: Navigating the Unseen Iceberg
01:40 MIN
Addressing AI limitations with human oversight and security
Make it simple, using generative AI to accelerate learning
Featured Partners
Related Videos
29:00Beyond the Hype: Building Trustworthy and Reliable LLM Applications with Guardrails
Alex Soto
24:33GenAI Security: Navigating the Unseen Iceberg
Maish Saidel-Keesing
26:47The State of GenAI & Machine Learning in 2025
Alejandro Saucedo
30:36The AI Security Survival Guide: Practical Advice for Stressed-Out Developers
Mackenzie Jackson
29:03On a Secret Mission: Developing AI Agents
Jörg Neumann
28:27AI & Ethics
PJ Hagerty
24:12From A2A to MCP: How AI’s “Brains” are Connecting to “Arms and Legs”
Brad Axen
29:28Tackling the Risks of AI - With AI
Kai Grunwitz, Klaus Bürg & Tomislav Tipurić
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
IO Sphere
Charing Cross, United Kingdom
£50-55K
Robert Ragge GmbH
Senior
API
Python
Terraform
Kubernetes
A/B testing
+3