
Ep 29: Architecting AI Security: Standards and Agentic Systems with Ken Huang

In this episode, we sit down with Ken Huang, a core architect behind modern AI security standards, to discuss the revolutionary challenges posed by agentic AI systems. Ken, who chairs the OWASP AIVSS project and co-chairs the AI safety working groups at the Cloud Security Alliance, breaks down how security professionals are writing the rulebook for a future driven by autonomous agents.

Key Takeaways

AIVSS for Non-Deterministic Risk: The OWASP AIVSS project aims to provide a quantitative measure of core agentic AI risks by applying an agentic AI risk factor on top of CVSS, specifically addressing the autonomy and non-deterministic nature of AI agents.

Need for Task-Scoped IAM: Traditional OAuth and SAML are inadequate for agentic systems because they provide coarse-grained, session-scoped access control. New authentication standards must be task-scoped, dynamically removing access once a specific task is complete, and driven by verifying the agent’s intent.
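The contrast drawn above, a session-scoped token versus a grant that lives only as long as one task, is easier to see in code. The following is an added illustration, not code from the episode or its guest: the `TaskScopedAuthz` class, the `INTENT_POLICY` table, and the agent and task identifiers are all constructed for this example. Scopes are derived from the intent the agent declares at issuance, and every grant for a task is revoked the moment the task reports completion.

```python
"""Task-scoped authorization for agents (constructed illustration, not from the episode)."""
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass

# Constructed policy: a declared intent maps to the narrowest set of scopes it needs.
# Issuance is driven by the verified intent, not by whatever scopes the agent requests.
INTENT_POLICY = {
    "summarize-account": {"crm:read"},
    "update-address": {"crm:read", "crm:write"},
}


@dataclass
class TaskGrant:
    agent_id: str
    task_id: str
    scopes: frozenset
    expires_at: float
    completed: bool = False


class TaskScopedAuthz:
    """Grants are bound to one task and die with it, unlike a session-scoped OAuth token."""

    def __init__(self, ttl_seconds: float = 300.0, now=time.time):
        self.ttl = ttl_seconds
        self.now = now  # injectable clock so the example is deterministic
        self._grants: dict[str, TaskGrant] = {}

    def issue(self, agent_id: str, task_id: str, intent: str) -> str:
        scopes = INTENT_POLICY.get(intent)
        if scopes is None:
            raise PermissionError(f"unknown intent {intent!r}")
        token = secrets.token_urlsafe(16)
        self._grants[token] = TaskGrant(agent_id, task_id, frozenset(scopes), self.now() + self.ttl)
        return token

    def authorize(self, token: str, task_id: str, scope: str) -> bool:
        g = self._grants.get(token)
        if g is None or g.completed or self.now() > g.expires_at:
            return False
        if g.task_id != task_id:  # a grant cannot be replayed against another task
            return False
        return scope in g.scopes

    def complete_task(self, task_id: str) -> None:
        """Called when the task finishes: every grant for it is revoked immediately."""
        for g in self._grants.values():
            if g.task_id == task_id:
                g.completed = True


def demo() -> dict:
    clock = [1000.0]
    authz = TaskScopedAuthz(ttl_seconds=60, now=lambda: clock[0])
    tok = authz.issue("agent-7", "task-42", "summarize-account")
    out = {
        "in_scope": authz.authorize(tok, "task-42", "crm:read"),
        "beyond_intent": authz.authorize(tok, "task-42", "crm:write"),
        "other_task": authz.authorize(tok, "task-99", "crm:read"),
    }
    authz.complete_task("task-42")
    out["after_completion"] = authz.authorize(tok, "task-42", "crm:read")
    tok2 = authz.issue("agent-7", "task-43", "summarize-account")
    clock[0] += 120  # past the TTL even though the task never reported completion
    out["expired"] = authz.authorize(tok2, "task-43", "crm:read")
    try:
        authz.issue("agent-7", "task-44", "export-all-records")
        out["unknown_intent_rejected"] = False
    except PermissionError:
        out["unknown_intent_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The TTL is a backstop for tasks that never report completion; the primary control is `complete_task`, which is what makes the grant task-scoped rather than session-scoped.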

A2A Security Requires New Protocols: Agent-to-Agent communication (A2A) introduces security issues beyond traditional API security (like BOLA). New systems must utilize protocols for Agent Capability Discovery and Negotiation—validated by digital signatures—to ensure the trustworthiness and promised quality of service from interacting agents.
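To show what signature-validated capability discovery and negotiation looks like in practice, here is an added example; it is not code from the episode, the guest, or the ACNBP paper linked below. The card layout, the agent names and the latency figures are constructed, and an HMAC over a shared registry key stands in for a real digital signature (assumption: in a deployment the registry signs cards with its private key and requesters verify with the public key). A requester only considers agents whose cards verify, then picks the best offer that meets its quality-of-service bound; a card whose promised latency was edited after signing is rejected.

```python
"""Signed agent capability cards for discovery and negotiation (constructed illustration)."""
from __future__ import annotations

import hashlib
import hmac
import json
from typing import Optional

# Constructed key; stand-in for the registry's signing key (real systems use asymmetric keys).
REGISTRY_KEY = b"constructed-demo-key"


def _canonical(body: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_card(card: dict, key: bytes = REGISTRY_KEY) -> dict:
    body = {k: v for k, v in card.items() if k != "signature"}
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "signature": sig}


def verify_card(card: dict, key: bytes = REGISTRY_KEY) -> bool:
    body = {k: v for k, v in card.items() if k != "signature"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, card.get("signature", ""))


def negotiate(cards: list[dict], capability: str, max_latency_ms: int) -> Optional[str]:
    """Discovery plus negotiation: among cards with a valid signature, choose the agent
    offering the capability with the lowest promised latency within the requester's bound."""
    best = None
    for card in cards:
        if not verify_card(card):
            continue  # tampered or unsigned: its promised QoS cannot be trusted
        offer = card["capabilities"].get(capability)
        if offer is None or offer["latency_ms"] > max_latency_ms:
            continue
        if best is None or offer["latency_ms"] < best[1]:
            best = (card["agent"], offer["latency_ms"])
    return best[0] if best else None


def sample_cards() -> list[dict]:
    # Constructed cards: two honest agents and one whose promise was altered after signing.
    a = sign_card({"agent": "agent-a", "capabilities": {"translate": {"latency_ms": 900}}})
    b = sign_card({"agent": "agent-b", "capabilities": {"translate": {"latency_ms": 400}}})
    c = sign_card({"agent": "agent-c", "capabilities": {"translate": {"latency_ms": 800}}})
    c["capabilities"]["translate"]["latency_ms"] = 100  # edited after signing; signature no longer matches
    return [a, b, c]


if __name__ == "__main__":
    cards = sample_cards()
    print([verify_card(card) for card in cards])
    print(negotiate(cards, "translate", 500))
```

Canonical JSON matters here: without a fixed key order and separator set, an honest agent's card could fail verification simply because it was re-serialised differently.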

Goal Manipulation is a Critical Threat: Sophisticated attacks often utilize context engineering to execute goal manipulation against agents. These attacks include gradually shifting an agent’s objective (crescendo attack), using prompt injection to force the agent to expose secrets (malicious goal expansion), and forcing endless processing loops (exhaustion loop/denial of wallet).
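Of the three attacks named above, the exhaustion loop (denial of wallet) is the one most directly mitigated by a runtime control, so here is an added example of one; it is not code from the episode or its guest. The `RunBudget` class, the simulated agents and their per-step costs are constructed. The guard halts a run when it exceeds a step cap, a spend cap, or a cap on repeats of the same tool call with the same arguments, and reports which limit tripped so the event can be logged and investigated.

```python
"""Exhaustion-loop / denial-of-wallet guard for an agent run (constructed illustration)."""
from __future__ import annotations

from collections import Counter
from typing import Iterable, Optional


class RunBudget:
    """Hard limits on one agent run: steps, spend (in integer cost units), and repeats."""

    def __init__(self, max_steps: int, max_cost: int, max_repeats: int):
        self.max_steps = max_steps
        self.max_cost = max_cost
        self.max_repeats = max_repeats
        self.steps = 0
        self.cost = 0
        self.seen: Counter = Counter()

    def record(self, action_key: str, cost: int) -> Optional[str]:
        """Account for one step; return a halt reason, or None if the run may continue."""
        self.steps += 1
        self.cost += cost
        self.seen[action_key] += 1
        if self.steps > self.max_steps:
            return "max_steps"
        if self.cost > self.max_cost:
            return "max_cost"
        if self.seen[action_key] > self.max_repeats:
            return "repeated_action"  # same tool call with same args: almost certainly a loop
        return None


def run_agent(steps: Iterable[tuple[str, int, bool]], budget: RunBudget) -> dict:
    """steps yields (action_key, cost, done). Stops on completion or when the budget halts it."""
    for action_key, cost, done in steps:
        reason = budget.record(action_key, cost)
        if reason is not None:
            return {"status": "halted", "reason": reason, "steps": budget.steps, "cost": budget.cost}
        if done:
            return {"status": "completed", "steps": budget.steps, "cost": budget.cost}
    return {"status": "exhausted_input", "steps": budget.steps, "cost": budget.cost}


def looping_agent():
    # Constructed: re-issues the identical search forever and never finishes.
    while True:
        yield ("search:q=quarterly report", 2, False)


def wallet_draining_agent():
    # Constructed: every step is a different, expensive call, so repeat detection never fires.
    page = 0
    while True:
        page += 1
        yield (f"fetch:page={page}", 60, False)


def healthy_agent():
    yield ("search:q=quarterly report", 2, False)
    yield ("read:doc-17", 5, False)
    yield ("summarize:doc-17", 10, True)


def demo() -> dict:
    limits = dict(max_steps=50, max_cost=500, max_repeats=3)
    return {
        "loop": run_agent(looping_agent(), RunBudget(**limits)),
        "wallet": run_agent(wallet_draining_agent(), RunBudget(**limits)),
        "healthy": run_agent(healthy_agent(), RunBudget(**limits)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The two failing agents trip different limits: the looping one is caught by repeat detection after four identical calls, while the one that varies its calls is only caught by the spend cap, which is why a budget needs more than a step counter.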

Tune in for a deep dive!

Connect with Ken:

LinkedIn: kenhuang8

Company Website: https://distributedapps.ai/

Substack: https://kenhuangus.substack.com/

Paper (Agent Capability Negotiation and Binding Protocol): https://arxiv.org/abs/2506.13590

Book (Securing AI Agents): https://www.amazon.com/Securing-AI-Agents

AIVSS: https://aivss.owasp.org/

Connect with Anshuman:

LinkedIn: anshumanbhartiya

X: https://x.com/anshuman_bh

Website: https://anshumanbhartiya.com/

Instagram: anshuman.bhartiya

Connect with Sandesh:

LinkedIn: anandsandesh

X: https://x.com/JubbaOnJeans
