I'm very excited to announce the CSA's publication of my newest research paper on secure agentic system design!
"Secure Agentic System Design: A Trait-Based Approach." (Linked in comments!)
We're building systems with AI that can learn, adapt, and make autonomous decisions. But our security models are still rooted in an era of predictable, deterministic software. This creates a critical security gap. How do you effectively secure a system that is non-deterministic by design?
Our paper directly confronts that challenge. We introduce a new, proactive methodology called the "trait-based approach" to secure agentic systems from the ground up.
Instead of applying old rules to a new paradigm, this framework helps you:
🏗️ Deconstruct complex agentic systems into their core behavioral traits (like control, communication, and planning).
🤖 Understand the novel attack surfaces and failure modes that arise from autonomy and emergent behavior.
📐 Integrate security into the earliest architectural stages, making it a proactive part of the design process.
⚖️ Make informed decisions by analyzing the security trade-offs of different patterns such as fully distributed vs. orchestrated control.
This is a practical guide for system architects, security professionals, and AI practitioners moving beyond traditional security assumptions.
It's dense with information and 75 pages long, but don't let that scare you - we've also cooked up a prompt (linked in the comments) that you can use with the PDF to turn it into an interactive threat modeling guide based on the principles of the paper, so give it a try!
A huge thank you to my co-author Ken Huang, CISSP, and to our contributors, co-chairs, and CSA staff!
Akram Sheriff, Manish Mishra, Aditya Garg, Victor Lu, Michael Roza, Candy Alexander, Anirudh Murali, Scotty Andrade, Mark Yanalitis, Chris Kirschke, Josh Buker