Explore a practical framework to think about and build secure AI agents on Amazon Bedrock AgentCore. This session covers threat modeling specific to agentic workloads, including how agents interact with tools, memory, and external systems, and what you need to watch out for. You'll learn how to apply AWS security best practices across AgentCore services, and walk away with actionable patterns. Suitable for developers and architects building AI agents who want to move from prototype to production with confidence.
What this session is about
Playbook
Editorial commentary · what to actually do about this on Monday
The concept
Threat-modeling agentic workloads specifically — tool surface, memory, external system interactions. Apply AWS security best practices across AgentCore components.
Why it matters
Agent threat models differ meaningfully from API threat models. Your existing security playbook misses tool injection, memory poisoning, and prompt-via-data attacks.
The hard parts
Tool injection (an agent tricked into calling a tool with malicious args). Memory poisoning (an agent's long-term memory corrupted by an attacker). Prompt-via-data (instructions embedded in retrieved content).
Playbook moves
(1) Run STRIDE per agent component (memory, tool registry, planner, executor). (2) Specifically check: who can mutate memory, who can register new tools, who validates tool outputs before they're trusted. (3) Sandbox every tool execution that touches external systems.
The surprise
The most common agent vulnerability in real deployments is *over-broad tool scopes*. Engineers grant tools more permission than needed because it's faster. Audit tool permissions like you audit IAM. Most don't, and it shows up as blast radius when things go wrong.
---
Independent editorial perspective — not an official AWS or speaker statement. Designed for executives evaluating what to brief their teams on next.
Live updates related to this session LIVE
Sourced via Parallel AI Monitor — continuous web watch on 21 topical streams. Updated .
- cisa.gov high confidence Agent safety & prompt injection
CISA, US and International Partners Release Guide to Secure ...
Policy Proposal/Guidance: CISA and international partners released the 'Guide to Secure Adoption of Agentic AI' in May 2026. The guide provides developers, vendors, and operators with best practices for securing agentic AI systems and recommends specific actions to defend against
- cybernews.com high confidence Agent safety & prompt injection
CISA and partners publish new advice on AI agent safety
Policy Proposal/Guidance: CISA and international partners released the 'Guide to Secure Adoption of Agentic AI' in May 2026. The guide provides developers, vendors, and operators with best practices for securing agentic AI systems and recommends specific actions to defend against
- labs.cloudsecurityalliance.org high confidence Agent safety & prompt injection
Comment and Control: GitHub AI Agents as Credential ...
Policy Proposal/Guidance: CISA and international partners released the 'Guide to Secure Adoption of Agentic AI' in May 2026. The guide provides developers, vendors, and operators with best practices for securing agentic AI systems and recommends specific actions to defend against
- oddguan.com high confidence Agent safety & prompt injection
Comment and Control: Prompt Injection to Credential Theft in ...
Policy Proposal/Guidance: CISA and international partners released the 'Guide to Secure Adoption of Agentic AI' in May 2026. The guide provides developers, vendors, and operators with best practices for securing agentic AI systems and recommends specific actions to defend against
- xmpro.com high confidence Decision lineage & audit trails for agents
Decision Traces for Agentic Operations: Why Agents Need ...
XMPro introduced the concept of 'operational memory' powered by decision traces, which capture the reasoning behind specific actions (including exceptions and human judgment) rather than just general rules. This is implemented via a decision trace layer in the orchestration path
External links matched to this session via topic relevance. The KB does not endorse third-party content; verify before citing.