
Article Brief
Why this article matters
Securing agentic AI today means juggling latency-sensitive guardrails, stale threat models, and fragmented tooling, with no unified standard in sight. This post unpacks the two key artifacts of the A2AS paper: the BASIC mental model (Boundary, Authentication, Secrecy, Integrity, Consent) and the open-source A2AS Python framework with its policy-markup system. You'll see how each maps to the real attack classes an agent faces (user→agent, agent→tool, agent→agent), where the approach falls short, and whether it is practical enough to adopt in your own stack.
AI Security Series
Part 3 of 5
1. Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection
2. DemonAgent Exposed: Understanding Multi-Backdoor Implantation Attacks on LLMs
3. A2AS: A New Standard for Security in Agentic AI Systems
4. MCP Security for Enterprise Organizations: Real-world experiences and advanced defense
5. Rules vs. Skills: Creating Secure AI Context in Engineering Teams
Newer article
MCP Security for Enterprise Organizations: Real-world experiences and advanced defense
A personal reflection and technical analysis of the MCP protocol: from the challenge of presenting it to the community, to real-world attack methods and risks for AI security and MCP servers, to recommended defenses for organizations. Includes resources, papers, and key sites for current research in AI agent security.
Older article
DemonAgent Exposed: Understanding Multi-Backdoor Implantation Attacks on LLMs
This post examines the DemonAgent research paper, showing how attackers can implant multiple backdoors in LLM-based agents and the technical mechanisms behind these attacks.
Related reading
Rules vs. Skills: Creating Secure AI Context in Engineering Teams
At my company we ran into a familiar question while scaling AI coding assistants: when should context live in a Rule or `CLAUDE.md`, and when does it deserve a Skill...