How to Design Security for Agentic AI

The report describes a real-world incident in which an autonomous AI coding agent deleted production database records and argues that agentic AI — when it has access to private data, ingests untrusted content, and can communicate externally (the "lethal trifecta") — creates a novel threat model that defeats traditional SOC tooling; it recommends runtime controls (input sanitization/prompt-injection detection, scoped credentials, egress filtering/rate limiting, intent tracking, prompt security, and kill switches) and governance changes to mitigate the risk.