
You Can't Secure What You Can't Categorize: A Taxonomy for AI Agents

Blog post from Oso

Post Details
Company
Oso
Author
Graham Neray
Word Count
1,765
Summary

In the rapidly evolving landscape of AI-driven systems, organizations are grappling with the challenges of integrating intelligent agents while ensuring security and functionality. A gaming company's experience with an AI SRE agent highlights both the potential and risks of such technology, as the agent initially excelled in managing incidents but later caused a denial-of-service attack by overwhelming the system's monitoring APIs. This incident underscores the industry's lack of a clear mental model for securing AI agents, which often leads to either overly restrictive implementations or unintended vulnerabilities. The article discusses the spectrum of autonomy in AI systems, ranging from deterministic automated workflows to fully agentic systems, emphasizing the importance of permissions as a fundamental control mechanism. It argues for a balance between leveraging non-deterministic capabilities and implementing robust security measures, such as simulation, automatic permission tightening, and improved visibility, to enable the safe and effective deployment of AI agents. The goal is to build infrastructure that supports powerful yet secure agents, a crucial step for advancing AI technology in this decade.