Agentic AI security: Threat modeling + Controls for AI agents (Permissions, Tool-use Constraints, Auditability, Kill-Switch Design)


Ankita Sharma

Abstract

The rapid emergence of agentic artificial intelligence systems introduces a fundamental shift in cybersecurity risk, as autonomous AI agents increasingly possess persistent memory, goal-driven planning, and the ability to invoke external tools and services. Unlike traditional AI models, agentic systems act continuously within operational environments, expanding the attack surface and challenging existing security and governance frameworks. This article examines security risks specific to agentic AI through a structured threat modeling lens, focusing on vulnerabilities arising from autonomy, recursive decision-making, and multi-agent interaction. It further analyzes technical and organizational control mechanisms designed to constrain agent behavior, including permission scoping, tool-use restrictions, auditability, and safe interruption mechanisms.
By synthesizing recent research on agent architectures, trust and risk management, and ethical governance, the article argues that securing agentic AI requires a layered defense strategy that integrates architectural safeguards, runtime controls, and institutional oversight. The study contributes to the growing literature on AI security by clarifying how control surfaces and governance mechanisms can be systematically designed to ensure accountability, resilience, and safe deployment of autonomous AI agents in real-world systems.
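The four control classes the abstract names (permission scoping, tool-use restriction, auditability and safe interruption) composed into one runtime gate in front of an agent's tool calls, as an added illustration that is not the article's code; the tool names, the path-prefix scope rule, the attempt budget and the hash-chained audit record layout are assumptions of this example.

```python
# Runtime control gate for an agent's tool calls: allowlist, scoped write permission,
# call budget, hash-chained audit log and kill switch. Added illustration, not the
# article's code; tool names, scope rule and record layout are assumptions here.
import hashlib, json

class AgentHalted(Exception): pass  # raised once the kill switch has tripped

def _digest(entry):  # hash of a record minus its own hash field; covers the prev link
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ControlGate:
    def __init__(self, allowed_tools, write_scopes, max_calls):
        self.allowed = frozenset(allowed_tools)  # any tool not listed is denied
        self.scopes = tuple(write_scopes)        # path prefixes write_file may touch
        self.max_calls = max_calls               # attempt budget; overrun trips the kill switch
        self.calls, self.halted, self.audit, self.head = 0, False, [], "0" * 64

    def _record(self, tool, args, outcome):  # append-only; each hash chains to the last
        entry = {"tool": tool, "args": args, "outcome": outcome, "prev": self.head}
        entry["hash"] = self.head = _digest(entry)
        self.audit.append(entry)

    def kill(self, reason):  # kill switch: log the stop, then refuse every later call
        self.halted = True
        self._record("KILL", {}, reason)

    def invoke(self, tool, args, impl):  # run impl(**args) only if policy allows it
        self.calls += 1
        if self.calls > self.max_calls and not self.halted:  # runaway loop: auto-kill
            self.kill("call budget exhausted")
        if self.halted:
            self._record(tool, args, "DENIED: agent halted")
            raise AgentHalted(tool)
        if tool not in self.allowed:
            self._record(tool, args, "DENIED: not allowlisted")
            return None
        if tool == "write_file" and not args.get("path", "").startswith(self.scopes):
            self._record(tool, args, "DENIED: path outside write scope")
            return None
        result = impl(**args)
        self._record(tool, args, "OK")
        return result

def verify_audit(audit, head):  # recompute the chain up to an externally kept head hash
    prev = "0" * 64
    for entry in audit:
        if entry["prev"] != prev or (prev := _digest(entry)) != entry["hash"]:
            return False
    return prev == head  # also catches records trimmed from the tail
```

The head hash has to be stored outside the agent's reach (for example shipped with each record to a separate log sink) for the tail-trimming check to mean anything.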


Article Details

How to Cite
Sharma, A. (2025). Agentic AI security: Threat modeling + Controls for AI agents (Permissions, Tool-use Constraints, Auditability, Kill-Switch Design). SAMRIDDHI : A Journal of Physical Sciences, Engineering and Technology, 17(02), 47-60. https://doi.org/10.18090//samriddhi.v17i02.08
Section
Research Article
