How to build AI agents your security team will approve
Blog post from Tines
A security engineer's attempt to deploy an AI agent for triaging phishing reports highlights the challenges of integrating governance into AI systems. Despite successful demonstrations, the agent stalls in a security review over concerns about tool access, misclassification, and accountability. The text emphasizes the need to build governance into the AI architecture from the beginning, suggesting that intelligent workflow platforms can bring deterministic automation, agentic AI, and human decision-making under a single governance model. The document outlines the components of AI agents, such as perception layers and reasoning engines, and stresses the importance of guardrails that keep AI actions safe. It discusses the differing risks of the main agent types (deterministic, fully autonomous, and human-in-the-loop hybrids) and the importance of human approval, especially for consequential actions. The text also provides a step-by-step blueprint for designing AI agents that align with governance frameworks, stressing the importance of audit trails, phased rollouts, and strong security measures to manage risks such as prompt injection. By incorporating governance controls from the outset, AI agents can meet security review criteria without requiring extensive post-deployment modifications.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM Change |
|---|---|---|---|---|---|
| AI Agents | 19 | 4,874 | 1,103 | 240 | -1% |
| LLM | 5 | 5,172 | 1,006 | 220 | -43% |
| Platform Engineering | 2 | 1,249 | 211 | 81 | -3% |
| Real-time | 1 | 5,457 | 1,338 | 238 | -5% |