Mitigating Risks in the Age of AI Agents


AI agent technology, using Large Language Models, is transforming modern enterprises as it provides software and digital assistance. However it introduces significant security risks like data exposure and supply chain risks. This blog examines these issues and highlights Symmetry System’s role in enhancing AI agent security through its Data Security Posture Management solution. Symmetry mitigates these risks with comprehensive tools and strategies, enabling the safe deployment of AI agents and enabling organizations to embrace this technology.


The software industry is undergoing a significant transformation, driving towards an agent-based ecosystem underpinned by Large Language Models (LLMs). This shift towards agent-based architecture is revolutionizing the foundational paradigms of software development, aligning software tools more closely with human objectives. In this new model, the focus shifts from human operators manually navigating through a suite of software tools to accomplish a desired outcome, to intelligent agents autonomously determining the optimal path through these tools to achieve the specified goal. Consequently, developers are increasingly conceptualizing and defining software by the objectives it fulfills, rather than its functional features.

The rise of commercial agents from leading technology corporations, such as Microsoft’s Copilot, OpenAI’s GPTs, and‘s agents, marks a significant milestone in the evolution of digital assistants. These agents leverage a complex blend of technologies, including multi-modal Large Language Models (LLMs), embedding-based information retrieval, and advanced algorithms for planning and decision-making. While these innovations unlock new possibilities, they also introduce fresh security challenges and exacerbate existing security risks. The inherently probabilistic nature of these components complicates the security analysis, making the identification and mitigation of risks a daunting task.

In this technical blog, we delve into the intricacies of agent-based architectures, untangling the unique security concerns they present, however, we leave aside the discussion of LLM-specific vulnerabilities. Our discussion includes several critical issues arising from these architectures and outlines the strategic role of Symmetry in addressing these challenges. Through a combination of advanced security measures and proactive risk management strategies, Symmetry offers a robust solution for safeguarding against the potential threats posed by these sophisticated systems. Join us as we navigate the complex landscape of security in the era of intelligent agents, shedding light on effective practices for ensuring the integrity and reliability of these cutting-edge technologies.

Inadvertent exposure of sensitive data by AI Agents

The integration of advanced machine learning (ML) technologies into agent-based systems has significantly enhanced the capabilities and efficiency of these digital assistants. Two pivotal technologies in this advancement are the fine tuning of LLMs using methods such as LoRa and the development of Retrieval Augmented Generation (RAG) frameworks, which utilize vector databases filled with relevant documents to accurately respond to user queries. These technologies play a vital role in improving the quality and relevance of the outputs created by these agents. However, they also introduce potential risks for inadvertent exposure of sensitive information, posing significant challenges to data privacy and security.

Memorization of Sensitive Data

LLM fine-tuning may lead to the memorization of sensitive information from the training datasets. This issue arises because the fine-tuning phase can encode specific data patterns or information directly into the model’s parameters, potentially allowing the model to reproduce this information in its outputs. For example, DeepMind researchers have shown in their paper Scalable Extraction of Training Data from (Production) Language Models how to retrieve personal information, memorized by the GPT-3.5 and GPT-4 models developed by OpenAI.

Access Control in RAG Frameworks 

Similarly, the construction of a vector database for a RAG framework, which enhances the model’s ability to fetch and integrate external information, requires meticulous attention. This necessity stems from the need to incorporate existing access control mechanisms into the database. The complexity of access control systems, especially in public cloud environments, makes implementation of these mechanisms correctly a formidable task. Trying to integrate these controls seamlessly into the RAG system without losing efficiency and functionality further compounds the challenge.

Even with robust access control measures in place within the RAG framework, there exists a more nuanced yet equally critical risk. This arises when users receive broader access permissions than required or when they are not fully aware of the extent of their access rights in the original (e.g. cloud) environment. In such scenarios, an agent might inadvertently disclose information to a user, revealing data the user was unaware they had access to.

Supply Chain Vulnerabilities impacting AI Agents

Agents often decompose complex tasks into a series of individual steps, relying heavily on interactions with third-party tools or other agents to perform these steps. This dependency creates further exposure to supply-chain vulnerabilities. Whether from compromised third-party services or services intentionally designed to capture and relay interactions to malicious developers. The supply chain  risks also include the potential sharing of sensitive information with these services. For example, if a service performs an optical character recognition (OCR) task, it may share sensitive data with its developers.

Such vulnerabilities pose a significant risk, potentially greater than those found in traditional software architectures. This is because the outputs from third-party tools are directly integrated into the agent’s decision-making process, without the intermediate step of human verification. In contrast, the traditional software ecosystem revolves around tools that help humans decide, incorporating layers of human judgment to assess the validity of the results before any decision is made.

How Symmetry Enhances AI Agent Development Strategy

Halting the development and deployment of AI agents is not a viable solution to address the risks they introduce! Instead it is essential to conduct a thorough risk analysis and implement measures to mitigate these risks. Symmetry’s robust Data Security Posture Management (DSPM) solution, offers comprehensive protection against the threats associated with deploying intelligent agents. Its multi-faceted approach enables the safe deployment of agents, monitoring their behavior in real-time to ensure compliance with the organization’s stringent security standards. Additionally, Symmetry safeguards against LLM-specific data vulnerabilities, as outlined in the OWASP Top-10 for LLM applications document.

Symmetry enhances both proactive measures and real-time defenses against potential attacks. Through proactive data inventory, it identifies various types of sensitive information. This reduces the risk of sensitive data exposure by either masking this data or excluding it from fine-tuning or retrieval-augmented generation. The access control analyzer, a key component of Symmetry, can further enhance data security by identifying and revoking permissions to sensitive data that are no longer in use. Moreover, the analyzer is able to generate a report detailing the types of sensitive data that an agent may share with a specific user in response to their queries.

Furthermore, Symmetry acts as a real-time data firewall, continuously monitoring the flow of sensitive information within an organization’s agent architecture. It enforces the organization’s policies on sensitive data access. Further reporting any unusual access patterns by users through agents, even if such accesses are technically allowed by the organization’s access control mechanisms. This dual approach ensures a secure environment for deploying AI agents, safeguarding sensitive information against unauthorized access or exposure.