ChaptersEventsBlog
We're exploring how organizations adapt IAM to AI. Take the AI Identity and Risk Readiness Survey by September 5 →

Download Publication

Secure Agentic System Design: A Trait-Based Approach
Secure Agentic System Design: A Trait-Based Approach
Who it's for:
  • System architects and designers
  • Security professionals using autonomous systems
  • AI practitioners
  • Technical decision-makers

Secure Agentic System Design: A Trait-Based Approach

Release Date: 07/30/2025

Updated On: 08/07/2025

Thanks to powerful reasoning models, AI agents are making more nuanced decisions and interacting more effectively with their environments. At the same time, AI researchers continue to develop more dedicated agentic AI frameworks and platforms. These platforms enable a wider range of organizations to leverage the power of autonomous agents. The combination of advanced reasoning models and readily available agentic frameworks creates a perfect storm for widespread enterprise adoption.

This publication from the CSA AI Technology and Risk Working Group addresses the unique security challenges of agentic AI. As AI transitions from passive tools to autonomous decision-makers, traditional security frameworks struggle to contextualize these new risks. Instead, we need a trait-based approach to agentic system security that identifies fundamental patterns in agent behavior and their associated vulnerabilities.

By mapping security concerns directly to architectural choices, this guidance enables system designers to integrate security into the earliest stages of the design. Following this roadmap will allow designers to securely build our autonomous future.

Key Takeaways:
  • The identifying characteristics and unique security challenges of agentic systems
  • Why securing agentic systems requires a fundamental shift from a "perimeter defense" mentality to a "Zero Trust, continuous verification" one
  • What a trait-based approach to agentic system design looks like
  • Key traits and patterns, including orchestration, communication, planning, perception and context, agent learning, trust, and tool usage
  • The need for close collaboration between AI practitioners, security professionals, and system architects
Download this Resource

Bookmark
Share
Related resources
Agentic AI Identity and Access Management: A New Approach
Agentic AI Identity and Access Management: A Ne...
Zero Trust Guidance for Small and Medium Size Businesses (SMBs) - Korean Translation
Zero Trust Guidance for Small and Medium Size B...
Healthcare Confidential Computing and the Trusted Execution Environment
Healthcare Confidential Computing and the Trust...
Vulnerability Management Needs Agentic AI for Scale and Humans for Sense
Vulnerability Management Needs Agentic AI for Scale and Humans for ...
Published: 08/22/2025
Announcing the AI Controls Matrix and ISO/IEC 42001 Mapping — and the Roadmap to STAR for AI 42001
Announcing the AI Controls Matrix and ISO/IEC 42001 Mapping — and t...
Published: 08/20/2025
"Set It and Forget It” Access Control is No Longer Enough
"Set It and Forget It” Access Control is No Longer Enough
Published: 08/20/2025
Securing the Agentic AI Control Plane: Announcing the MCP Security Resource Center
Securing the Agentic AI Control Plane: Announcing the MCP Security ...
Published: 08/20/2025
Cloudbytes Webinar Series
Cloudbytes Webinar Series
January 1 | Virtual

Acknowledgements

Anirudh Murali
Anirudh Murali
Principal Engineer, Agentic AI Security

Anirudh Murali

Principal Engineer, Agentic AI Security

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Michael Roza is a seasoned risk, audit, control and compliance, and cybersecurity professional with over 20 years of experience across multinational enterprises and startups. As a Cloud Security Alliance (CSA) Research member for over 10 years, he has led and contributed to more than 140 CSA projects spanning Zero Trust, AI, IoT, Top Threats, DecSecOps, Cloud Key Management, Cloud Control Matrix, and many others.

He has co-chaired...

Read more

Ankit Sharma
Ankit Sharma
Security Officer, Compute BU, Cisco Systems India Pvt Ltd

Ankit Sharma

Security Officer, Compute BU, Cisco Systems India Pvt Ltd

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training