The Outshift Brief
Saturday, May 23, 2026
Daily intelligence from Cisco's emerging technology sessions
AI Security and Compliance

New Approach Proposed for Multi-Agent Authorization Chains to Prevent Privilege Loss

Original source: Outshift by Cisco


This video from Outshift by Cisco covered a lot of ground. 11 segments stood out as worth your time. Everything below links directly to the timestamp in the original video.

Understanding how to manage permissions across multiple AI agents is vital for preventing security breaches and ensuring accountability. This proposed method offers a practical way to keep complex AI systems secure and compliant.


New Approach Proposed for Multi-Agent Authorization Chains to Prevent Privilege Loss

A new method is proposed to address privilege loss in multi-agent authorization chains, which occurs when an agent delegates tasks to sub-agents. The core problem is that privileges can be inadvertently dropped during handoffs, making it difficult to certify that the user's authorization context reaches the final recipient intact. The suggested solution is to evaluate each hop in the authorization chain against the original user's identity, so that the agent acts as a conduit for that user rather than as an independent authority.

This approach aims to maintain identity context throughout complex multi-agent interactions, which is crucial for compliance and security in sophisticated AI systems. By continuously verifying against the initial user's identity, organizations can prevent unintended escalations or reductions in access rights, establishing a clearer audit trail and strengthening the overall integrity of automated workflows.
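The hop-by-hop evaluation described above, as an added example that is not code from Outshift or Cisco. Each delegation step is bounded by what the previous hop handed down and checked against the original user's entitlements, and any scope a hop narrows away is recorded as privilege loss so the drop is visible in the audit trail rather than silent. The scope names, agent names and the user's entitlements are constructed for the example.

```python
# Added illustration of hop-by-hop evaluation against the original user's
# identity.  Not Outshift/Cisco code; scope names, agent names and the user's
# entitlements are constructed for the example.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """The human on whose behalf the whole chain acts."""
    name: str
    scopes: frozenset


@dataclass(frozen=True)
class Hop:
    """One delegation: `actor` hands work to `delegate`, asking for `requested` scopes."""
    actor: str
    delegate: str
    requested: frozenset


@dataclass
class ChainResult:
    effective: frozenset          # scopes the final delegate may actually use
    audit: list = field(default_factory=list)


def evaluate_chain(user: Principal, hops: list) -> ChainResult:
    """Walk the chain.  At every hop the grant is bounded by what the previous
    hop handed down, which is itself bounded by the original user's scopes, so
    each agent acts as a conduit for the user and never as an authority of its
    own.  Scopes a hop narrows away are recorded as `privilege_loss` so the loss
    shows up in the audit trail instead of disappearing silently."""
    effective = user.scopes
    audit = []
    for i, hop in enumerate(hops):
        granted = hop.requested & effective        # cannot exceed parent or user
        audit.append({
            "hop": i,
            "on_behalf_of": user.name,             # identity context travels with every hop
            "actor": hop.actor,
            "delegate": hop.delegate,
            "requested": sorted(hop.requested),
            "granted": sorted(granted),
            "exceeds_user": sorted(hop.requested - user.scopes),  # user never had these
            "privilege_loss": sorted(effective - hop.requested),  # dropped at this hop
        })
        effective = granted
    return ChainResult(effective=effective, audit=audit)


def can_act(result: ChainResult, scope: str) -> bool:
    """Final authorization check for the last delegate in the chain."""
    return scope in result.effective


def run_demo() -> ChainResult:
    # Constructed scenario: alice's entitlements and a two-hop delegation.
    alice = Principal("alice", frozenset({"crm:read", "crm:write", "mail:send"}))
    hops = [
        Hop("orchestrator", "research_agent",
            frozenset({"crm:read", "crm:write", "finance:read"})),
        Hop("research_agent", "summarizer", frozenset({"crm:read"})),
    ]
    return evaluate_chain(alice, hops)


if __name__ == "__main__":
    import json
    r = run_demo()
    print(json.dumps(r.audit, indent=2))
    print("summarizer may write CRM:", can_act(r, "crm:write"))
```

In the constructed run, `finance:read` is refused at the first hop because alice never held it, and `crm:write` is lost at the second hop because the research agent did not pass it on; both facts appear in the audit entries, which is what lets a reviewer tell an intended narrowing from an accidental one.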

"With every hop, maybe try to do some type of evaluation tactic against the original user's identity. That way if there's a loss of context, at least in terms of identity, you have an idea that the agent is more of a conduit and it's not like the authority."

▶ Watch this segment — 14:18


Cisco Proposes Role-Based Access and Logging for AI Compliance and Accountability

Cisco is addressing compliance for AI systems by proposing role-based access control at the retrieval layer of Retrieval Augmented Generation (RAG) models. This strategy aims to manage document access, ensuring that agents only pull information consistent with a user's defined role, even if the user didn't explicitly request those documents. Furthermore, reasoning traces from agent decisions would be logged as security events within Cisco XDR, providing a comprehensive audit trail for compliance reporting.

These measures are designed to enhance accountability and transparency in AI operations, particularly in environments where agents interact with sensitive data. By integrating role-based controls and detailed logging, organizations can better meet regulatory requirements and provide a full decision chain, offering clarity on agent actions for future audits or investigations.

"If you log the reasoning trace within this layer, then you'll be able to report on what happened with the full decision chain."

▶ Watch this segment — 16:33


Agentic AI Faces Significant Compliance Gaps Despite Widespread Adoption

Despite the widespread adoption of multi-agent collaboration platforms (MCP) and the presence of basic authorization tools, significant compliance gaps are emerging in agentic AI. Key blockers include uncertainties around tool call authorization, managing data within agent context windows, proving the rationale behind agent decisions, adapting to evolving regulations, and ensuring proper permission inheritance among sub-agents. These issues pose challenges for organizations either already deploying agents or considering their adoption.

These compliance challenges highlight a critical need for more robust governance frameworks in the rapidly evolving AI landscape. Without clear mechanisms to address these blockers, businesses face increased security risks and difficulties in meeting regulatory demands, potentially slowing down the broader implementation of powerful agentic AI technologies.

"Can you prove why the agent decided what it decided?"

▶ Watch this segment — 5:54


Context Window Identified as Weak Point for AI Regulation

The context window in AI agents, while crucial for their functionality, has been identified as a weak point for regulatory compliance. The challenge stems from the unstructured nature of data dumps from agent memory, typically in JSON format, which can return a wide array of information without clear organization. To mitigate this, a proposed solution is to implement filtering and classification mechanisms for data before it enters an agent's context, ensuring that only authorized and relevant information is presented to the user.

This proactive approach is essential for maintaining data governance and preventing the exposure of sensitive or unauthorized information. By controlling the data flow into the context window, organizations can enhance the security and compliance of AI systems, ensuring they operate within established policy boundaries and deliver only permissible insights.
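One way to combine the two ideas above, role-based filtering at the retrieval layer (with the reasoning trace logged as a security event) and classification of unstructured memory data before it reaches the context window, as an added example that is not Cisco's code. The role table, the keyword classifier standing in for a real classification service, the documents and the event shape are all constructed for the example.

```python
# Added illustration of role-based filtering at the retrieval layer, with
# classification of unlabelled data before it enters the context window and a
# reasoning trace emitted as a structured security event.  Not Cisco code:
# the role table, keyword classifier, documents and event shape are constructed.
import json
from dataclasses import dataclass
from typing import Optional

# Constructed policy: which classification levels each role may see.
ROLE_CLEARANCE = {
    "analyst": {"public", "internal"},
    "finance": {"public", "internal", "financial"},
    "admin": {"public", "internal", "financial", "restricted"},
}


@dataclass(frozen=True)
class Doc:
    doc_id: str
    text: str
    classification: Optional[str] = None   # memory dumps often arrive unlabelled


def classify(doc: Doc) -> str:
    """Label unlabelled chunks before they can reach context.  A toy keyword
    classifier stands in for a real classification or DLP service."""
    if doc.classification:
        return doc.classification
    t = doc.text.lower()
    if "password" in t or "secret" in t:
        return "restricted"
    if "salary" in t or "invoice" in t:
        return "financial"
    return "internal"


def filter_for_role(role: str, hits: list) -> tuple:
    """Admit only chunks the user's role is cleared for, whether or not the
    user asked for them, and return the decision trace as an audit event."""
    allowed = ROLE_CLEARANCE.get(role, {"public"})  # unknown role: public only
    admitted, trace = [], []
    for d in hits:
        label = classify(d)
        ok = label in allowed
        trace.append({"doc": d.doc_id, "label": label, "admitted": ok})
        if ok:
            admitted.append(d)
    event = {
        "event": "rag.retrieval.filter",
        "role": role,
        "admitted": [d.doc_id for d in admitted],
        "reasoning_trace": trace,           # full decision chain for the log
    }
    return admitted, event


def run_demo(role: str = "analyst") -> dict:
    # Constructed retrieval hits, as a vector store might return them.
    hits = [
        Doc("d1", "Q3 roadmap notes for the platform team"),
        Doc("d2", "Salary bands for engineering grades"),
        Doc("d3", "Staging DB password rotated last week"),
        Doc("d4", "Press release draft", classification="public"),
    ]
    _, event = filter_for_role(role, hits)
    return event


if __name__ == "__main__":
    # One JSON event per retrieval is what a SIEM/XDR ingest would consume.
    print(json.dumps(run_demo("analyst"), indent=2))
```

The point of returning the trace alongside the admitted documents is that the log answers "why did this chunk reach (or not reach) the model" for every hit, not just the ones the user asked about; an unknown role degrades to public-only rather than failing open.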

"From a compliance perspective and not a research perspective, what we can do in the meantime is maybe try and find ways to filter and classify that data before it enters the context with tools that are available."

▶ Watch this segment — 11:52


Deterministic Constraints Proposed to Certify Non-Deterministic LLM Output

To address the non-deterministic output inherent in large language models (LLMs) and agent reasoning, a proposed solution involves wrapping the AI agent in a deterministic constraint. This could take the form of middleware that anticipates a defined range of expected outcomes, even if it doesn't predict the exact answer. By establishing these boundaries, the system gains a degree of predictability, making it easier to certify and manage the AI's behavior.

The probabilistic nature of LLMs poses a significant hurdle for compliance, as it complicates the process of guaranteeing consistent and auditable results. Implementing deterministic constraints aims to bridge this gap, allowing organizations to maintain control and accountability over AI operations, which is critical for regulatory adherence and trust in automated decision-making.
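A concrete shape for the "deterministic constraint" middleware above, as an added example rather than code from the talk: the model's free-form output must land inside a closed envelope (a fixed decision set, typed fields, bounded size, the request's own ticket id), otherwise it is rejected, retried a bounded number of times, and finally replaced by a fixed, auditable fallback. The decision set, the fields and the two stand-in "models" are constructed for the example.

```python
# Added illustration of a deterministic constraint wrapped around a
# non-deterministic agent.  Not Cisco code; the decision set, fields and the
# stand-in "models" are constructed.
import json
from typing import Callable

ALLOWED_DECISIONS = {"approve", "deny", "escalate"}
ALLOWED_FIELDS = {"decision", "justification", "ticket_id"}
MAX_JUSTIFICATION = 300


class ConstraintViolation(Exception):
    pass


def constrain(raw_output: str, expected_ticket: str) -> dict:
    """Parse and validate one model output; anything outside the envelope raises."""
    try:
        data = json.loads(raw_output)
    except json.JSONDecodeError as e:
        raise ConstraintViolation(f"not JSON: {e.msg}") from None
    if not isinstance(data, dict):
        raise ConstraintViolation("top level must be an object")
    unknown = set(data) - ALLOWED_FIELDS
    if unknown:                                  # no smuggled extra instructions
        raise ConstraintViolation(f"unexpected fields: {sorted(unknown)}")
    decision = data.get("decision")
    if decision not in ALLOWED_DECISIONS:
        raise ConstraintViolation(f"decision {decision!r} outside allowed set")
    just = data.get("justification")
    if not isinstance(just, str) or not 1 <= len(just) <= MAX_JUSTIFICATION:
        raise ConstraintViolation("justification missing, empty or too long")
    if data.get("ticket_id") != expected_ticket:
        raise ConstraintViolation("ticket_id does not match the request")
    return {"decision": decision, "justification": just, "ticket_id": expected_ticket}


def run_with_constraint(model: Callable[[str, int], str], ticket_id: str,
                        retries: int = 2) -> dict:
    """Middleware: call the model, validate, retry within a bound, then fall
    back to a fixed outcome instead of passing unchecked text downstream."""
    last_error = "no attempts"
    for attempt in range(retries + 1):
        try:
            return constrain(model(ticket_id, attempt), ticket_id)
        except ConstraintViolation as e:
            last_error = str(e)
    return {"decision": "escalate",
            "justification": f"constraint fallback after {retries + 1} attempts: {last_error}",
            "ticket_id": ticket_id}


# Constructed stand-ins for an LLM.  `flaky_model` only lands inside the
# envelope on its third try; `bad_model` never does.
def flaky_model(ticket_id: str, attempt: int) -> str:
    return [
        "Sure! I think we should approve this one.",                       # free text
        json.dumps({"decision": "maybe", "justification": "unsure",
                    "ticket_id": ticket_id}),                              # bad decision
        json.dumps({"decision": "approve", "justification": "matches policy 4.2",
                    "ticket_id": ticket_id}),                              # valid
    ][attempt]


def bad_model(ticket_id: str, attempt: int) -> str:
    return json.dumps({"decision": "approve", "justification": "ok",
                       "ticket_id": ticket_id, "side_effect": "email_customer"})


if __name__ == "__main__":
    print(run_with_constraint(flaky_model, "T-42"))
    print(run_with_constraint(bad_model, "T-7"))
```

The envelope does not predict the answer, only the space of answers; every path out of the middleware is one of three decisions with a bounded justification, so the behaviour an auditor has to certify is the validator's, not the model's.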

"A proposed fix for this would be wrapping the agent in some type of deterministic constraint."

▶ Watch this segment — 13:03


European Regulations Highlight Compliance Challenges for Agentic AI

European regulations such as the General Data Protection Regulation (GDPR), the Markets in Financial Instruments Directive (MiFID II), and the upcoming EU Cyber Resilience Act exemplify the complex compliance challenges facing agentic AI. These regulations demand clear accountability for data context, require proof of agent actions, and necessitate careful management of sub-agent permissions. The speaker emphasized that proving why an agent made a specific decision and controlling what data enters its context window are critical for meeting these legal requirements.

These regulatory pressures underscore the urgency for organizations to develop robust AI governance frameworks. Non-compliance can lead to significant penalties, making it essential to architect AI systems with inherent capabilities to track, explain, and secure their operations, thereby ensuring adherence to stringent data protection and operational transparency standards.

"What data entered the context window? Can you prove why the agent decided what it decided?"

▶ Watch this segment — 7:03


Agent Memory Identified as Liability, TTL Limits Proposed for Data Retention

Agent memory, specifically the conversation history stored in vector stores, has been identified as a compliance liability due to the context it retains. Organizations are responsible for defining how long this information is stored within the agent's context window. To address this, a proposed solution is to implement time-to-live (TTL) limits, allowing for the automatic deletion of conversation history after a specified period.

This approach provides a practical mechanism for managing data retention policies within AI systems, reducing the risk of holding sensitive information longer than necessary. By controlling the lifespan of agent memory, companies can better align with data privacy regulations and mitigate potential liabilities associated with long-term data storage.
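A TTL-bounded conversation memory of the kind proposed above, as an added example that is not Cisco's code. Every stored turn carries an expiry, expired turns are purged before recall so they never reach the context window, and a shorter lifetime can be attached to sensitive turns. The clock injection, the labels and the TTL values are constructed for the example.

```python
# Added illustration of TTL-bounded agent memory.  Not Cisco code; the clock
# injection, labels and TTL values are constructed.
import time
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class Turn:
    text: str
    label: str          # e.g. "general" or "pii"; drives the retention period
    expires_at: float


class TtlMemory:
    """Conversation history with per-label time-to-live.  `clock` is injectable
    so retention can be tested without waiting (monotonic seconds by default)."""

    def __init__(self, ttl_by_label: dict, default_ttl_s: float,
                 clock: Callable[[], float] = time.monotonic):
        self.ttl_by_label = ttl_by_label
        self.default_ttl_s = default_ttl_s
        self.clock = clock
        self._turns: List[Turn] = []

    def add(self, text: str, label: str = "general") -> float:
        ttl = self.ttl_by_label.get(label, self.default_ttl_s)
        expires_at = self.clock() + ttl
        self._turns.append(Turn(text, label, expires_at))
        return expires_at

    def purge(self) -> int:
        """Drop expired turns; returns how many were deleted (for the audit log)."""
        now = self.clock()
        before = len(self._turns)
        self._turns = [t for t in self._turns if t.expires_at > now]
        return before - len(self._turns)

    def recall(self) -> List[str]:
        """What is allowed into the context window right now."""
        self.purge()
        return [t.text for t in self._turns]


class FakeClock:
    """Constructed test clock so the demo can advance time deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def run_demo() -> dict:
    clock = FakeClock()
    # Constructed retention policy: PII lives 60 s, everything else one hour.
    mem = TtlMemory({"pii": 60.0}, default_ttl_s=3600.0, clock=clock)
    mem.add("Customer asked about order status", "general")
    mem.add("Customer's card number ends in 1234", "pii")
    snapshot = {"t0": mem.recall()}
    clock.advance(61)
    snapshot["t61"] = mem.recall()          # the PII turn has expired
    clock.advance(3600)
    snapshot["t3661"] = mem.recall()        # everything has expired
    return snapshot


if __name__ == "__main__":
    print(run_demo())
```

Purging on recall (not only on a background sweep) is what makes the policy enforceable: the retention limit holds even if the scheduled cleanup is late, because nothing expired is ever handed to the model.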

"Something that you can do is set time limits on that. So you can do TTLs, which are time to live, that set how long you want to keep what information for."

▶ Watch this segment — 15:42


Seven Compliance Surfaces Proposed for Multi-Agent Collaboration Platforms

A framework of seven compliance "surfaces" has been proposed for designing and managing multi-agent collaboration platforms (MCPs). These surfaces address various aspects of data, audit, operations, and multi-agent scaling. The speaker emphasized that defining clear ownership for maintaining each surface is crucial, especially given the dynamic nature of organizational structures and the inherent security risks associated with new technologies.

This structured approach aims to help organizations proactively bake compliance into their MCP designs, rather than addressing it as an afterthought. By identifying specific areas for compliance focus and assigning clear responsibilities, businesses can better navigate the complexities of AI governance and mitigate potential security vulnerabilities.

"When you're designing for compliance, you can look at these seven surfaces as a start."

▶ Watch this segment — 8:38


Guardrails Proposed for AI Tool Calls to Enhance Compliance

To address compliance issues arising from AI models autonomously deciding which tools to call, a new approach focusing on "tool boundaries" is proposed. This involves implementing policy enforcement directly at the multi-agent collaboration platform (MCP) tool level. Specifically, a guard would be placed at the tool invocation stage to check for proper authorization before any action is executed by the agent.

This measure aims to regain control over model-decided actions, which currently lack the direct human oversight found in traditional API calls. By embedding authorization checks as a preliminary step, organizations can ensure that AI agents adhere to predefined security policies and operational guidelines, thereby enhancing compliance and reducing potential risks.
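A guard at the tool-invocation step, as an added example that is not Cisco's code: before a tool the model chose is executed, the call is checked against a per-agent policy (which tools, and constraints on their arguments), and the allow or deny decision is recorded as a security event. The tools, the policy, the agent names and the event shape are constructed for the example.

```python
# Added illustration of a guard at the tool-invocation step.  Not Cisco code;
# the tools, policy, agents and event shape are constructed.
from dataclasses import dataclass
from typing import Any, Callable, Dict, List


@dataclass(frozen=True)
class ToolCall:
    agent: str
    tool: str
    args: dict


# Constructed policy: per agent, the tools it may call and argument constraints.
POLICY = {
    "support_agent": {
        "lookup_ticket": {},                                  # no constraints
        "send_email": {"to_domains": {"example.com"}},        # internal recipients only
    },
    "ops_agent": {
        "run_query": {"max_rows": 1000},                      # bounded result size
    },
}


class ToolDenied(Exception):
    pass


def authorize(call: ToolCall) -> None:
    """Raise ToolDenied unless the policy allows this exact call."""
    allowed = POLICY.get(call.agent, {})
    if call.tool not in allowed:
        raise ToolDenied(f"{call.agent} is not permitted to call {call.tool}")
    rules = allowed[call.tool]
    if "to_domains" in rules:
        domain = str(call.args.get("to", "")).rpartition("@")[2].lower()
        if domain not in rules["to_domains"]:
            raise ToolDenied(f"recipient domain {domain!r} not permitted")
    if "max_rows" in rules:
        limit = call.args.get("limit")
        if not isinstance(limit, int) or not 0 < limit <= rules["max_rows"]:
            raise ToolDenied(f"limit must be an int in 1..{rules['max_rows']}")


def guarded_invoke(call: ToolCall, registry: Dict[str, Callable[..., Any]],
                   events: List[dict]) -> Any:
    """The guard: authorize first, log the decision, only then run the tool."""
    try:
        authorize(call)
    except ToolDenied as e:
        events.append({"event": "tool.denied", "agent": call.agent,
                       "tool": call.tool, "args": call.args, "reason": str(e)})
        raise
    events.append({"event": "tool.allowed", "agent": call.agent,
                   "tool": call.tool, "args": call.args})
    return registry[call.tool](**call.args)


# Constructed tool implementations.
def lookup_ticket(ticket_id: str) -> dict:
    return {"ticket_id": ticket_id, "status": "open"}


def send_email(to: str, body: str) -> str:
    return f"queued to {to}"


def run_query(sql: str, limit: int) -> list:
    return [f"row{i}" for i in range(min(limit, 3))]


REGISTRY = {"lookup_ticket": lookup_ticket, "send_email": send_email, "run_query": run_query}


def run_demo() -> dict:
    # Constructed sequence of model-chosen calls, some inside policy and some not.
    calls = [
        ToolCall("support_agent", "lookup_ticket", {"ticket_id": "T-1"}),
        ToolCall("support_agent", "send_email", {"to": "bob@example.com", "body": "hi"}),
        ToolCall("support_agent", "send_email", {"to": "eve@other.test", "body": "hi"}),
        ToolCall("support_agent", "run_query", {"sql": "select 1", "limit": 10}),
        ToolCall("ops_agent", "run_query", {"sql": "select 1", "limit": 100000}),
    ]
    events: List[dict] = []
    outcomes = []
    for c in calls:
        try:
            guarded_invoke(c, REGISTRY, events)
            outcomes.append("allowed")
        except ToolDenied:
            outcomes.append("denied")
    return {"outcomes": outcomes, "events": events}


if __name__ == "__main__":
    for e in run_demo()["events"]:
        print(e)
```

Because the guard sits between the model's choice and the registry call, it does not matter how the model arrived at the call; the policy decision and its reason are written to the event stream for every invocation, allowed or not, which is the record a compliance review needs.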

"A proposed fix would be that you would put some type of guard at the tool invocation."

▶ Watch this segment — 11:08


Cisco Maps AI Compliance Surfaces to Existing Infrastructure and Coder Responsibilities

Cisco has outlined seven key compliance surfaces for AI, categorizing them and mapping their management responsibilities. Identity-related issues, such as tool boundaries and authorization chains, are primarily handled by Cisco ISC infrastructure. Context window management, which involves spatial intelligence, falls under Cisco Spaces. However, challenges related to deterministic output and agent memory are identified as direct concerns for multi-agent collaboration platforms (MCP) or the data layer, requiring direct intervention from coders and software engineers.

This delineation clarifies where different aspects of AI compliance reside within an organizational and technical structure. By distinguishing between issues manageable by existing infrastructure and those demanding dedicated coding efforts, companies can streamline their compliance strategies, ensuring accountability and efficient resource allocation in the development and deployment of AI systems.

"Deterministic output is directly an MCP issue, so you wouldn't really go too much in a Cisco structure with that. Agent memory is something that's directly a data layer issue."

▶ Watch this segment — 18:11


Cisco Actively Pursues Constitutional AI and Advanced Observability for Agentic Compliance

Cisco is actively exploring several emerging concepts to enhance compliance in agentic AI systems, aligning with initiatives under the "internet of agents" framework. These concepts include constitutional AI, which embeds ethical guidelines directly into AI design, and building guardrails as fundamental primitives within agent architectures. Additionally, the company is focused on designing for capability tokens, shifting the focus from an agent's identity to its authorized capabilities, and enhancing agentic observability to define semantic conventions for how agents operate and communicate.

These advanced approaches aim to create more inherently secure and compliant AI agents. By integrating these principles, Cisco seeks to build a future where AI systems can be trusted to operate autonomously within predefined ethical and operational boundaries, fostering greater adoption and mitigating risks in complex multi-agent environments.

"Constitutional AI is a really big thing. Building guardrails as primitives. Figuring out how to design for capability tokens instead of asking who is this agent? Maybe you can ask what capability token was it given."

▶ Watch this segment — 20:44



Summarised from Outshift by Cisco · 22:41. All credit belongs to the original creators. Streamed.News summarises publicly available video content.
