As artificial intelligence (AI) technologies evolve, organizations are increasingly deploying multiple autonomous agents that work together in a coordinated manner. This orchestration, often referred to as 'swarming,' has the potential to enhance efficiency but also significantly increases the security complexities that businesses must manage.

The growing landscape of AI deployments is pushing organizations to confront a wider attack surface. With various AI models and agents needing to operate alongside one another, the orchestration of these agents introduces a myriad of security concerns that must be addressed to maintain the integrity of an organization’s security framework.

AI agents, particularly those powered by large language models (LLMs), are becoming integral to various workplace processes. These autonomous agents are marketed as capable of self-direction, making decisions about subsequent actions autonomously. They are employed in several areas, including data analysis, process automation, and software development, where they create and manage code. As businesses increasingly embrace this technology, the likelihood of different agents interacting with each other rises, which poses new security challenges.

The emergence of open-source self-hosted agents, such as OpenClaw (also known as MoltBot), has added to these concerns. This trend has humorously manifested in platforms like Moltbook, leading to the development of orchestration products such as GitHub's Agent HQ, designed for software development. These tools facilitate code reviews and provide a centralized command center for managing multiple agents simultaneously. Numerous vendors, including Zapier and IBM, are also offering orchestration tools tailored for various swarm use cases.

Roey Eliyahu, the CEO and co-founder of Salt Security, highlights that while agent orchestration can allow agents to perform parallel tasks and specialize in specific functions, it simultaneously introduces significant security risks. These include credential sprawl, excessive access privileges, and an increase in integrations that may involve sensitive data.

"Multiagent orchestration is powerful because it parallelizes work, but it also parallelizes risk," Eliyahu notes. He emphasizes that security measures must ensure that each agent is narrowly scoped, subject to rigorous audits, and restricted from performing high-impact actions without explicit approval.

Multiple Agents Means Multiplied Security Risks

It is imperative to recognize that while a single agent can introduce security risks into an environment, the presence of multiple agents amplifies these risks, particularly if data security is not prioritized. Although AI agents are not human employees, they still require human-like privileges and access, including tokens and credentials for various tools and servers, which can lead to elevated permissions.

LLMs are susceptible to manipulation through prompt injection, which means that each integration with a product or instance presents another opportunity for sensitive data exposure. Furthermore, agents can generate numerous outputs rapidly. Without proper auditing, this can lead to the unintentional exposure of secrets in outputs or logs, increasing the chances of mistakes—something LLMs are prone to when left unchecked.

The concept of 'swarming code'—where a group of agents collaboratively codes, debugs, and tests—is particularly fraught with compounded risks. Ram Varadarajan, CEO at Acalvio, points out that while multiagent architectures offer several advantages, they also expand the attack surface, creating a 'trust cascade' where compromising one node can lead to a high probability of poisoning the entire pipeline.

How to Multiagent Securely

To ensure secure AI deployments, it is essential to implement comprehensive data-security hygiene and access-management protocols. This includes conducting a thorough inventory of all agents, orchestration tools, integrations, permissions, and the data that agents can access. Organizations must enforce the principle of least privilege, ensuring agents have minimal access necessary to perform their roles.

Eliyahu recommends utilizing short-lived credentials, avoiding shared tokens, and implementing default denial of applications with explicit allow-lists segregated by identity. Additionally, agents should be placed in isolated execution environments, and human oversight should be maintained for high-risk actions.

Collin Chapleau, a senior director of security and AI strategy, emphasizes the importance of visibility in securing agent-based LLM systems. "The foundation of securing agentic LLM systems is visibility: knowing what each agent is doing and detecting when it drifts from its intended purpose," he explains. Comprehensive oversight is vital to identify and mitigate unexpected interactions among agents early.

Rich Mogull, chief analyst at the Cloud Security Alliance, argues that the presence of parallel agents does not inherently create new security risks. In fact, it can reduce risks through the deployment of security-focused agents and specialized frameworks integrated with secrets management. However, he advises organizations to standardize on a single framework or platform to ensure capability and security, cautioning against attempts to build AI agents from scratch.

Source: Dark Reading News