By Dr Luke Soon
Introduction
Things are moving exponentially fast in this space- so I thought this addendums would be necessary. Agentic AI is no longer a distant vision; it is rapidly becoming a core part of enterprise operations, from automating workflows to making independent decisions. Yet, as these systems gain autonomy, the risks and responsibilities multiply. How do we ensure agentic AI is safe, ethical, and aligned with human values? This article explores the latest frameworks, best practices, and research, including my own thought leadership, to help organisations navigate this new landscape.
Why Agentic AI Safety Is Uniquely Challenging
Agentic AI systems differ fundamentally from traditional AI. Rather than simply following instructions, they perceive, plan, and act independently. This autonomy introduces new safety challenges:
- Unpredictable Decision-Making: Agents can make choices that are difficult to audit or anticipate, especially in multi-agent environments.
- Expanded Attack Surface: Threats such as memory poisoning, tool misuse, and privilege compromise are now prominent, alongside classic issues like prompt injection and data leakage (BetaNews).
- Emergent Behaviours: Agents may collude, compete, or behave in unexpected ways, making traditional controls insufficient (TNGlobal).
Why Agentic AI Safety Is Different—and Harder
Unlike traditional AI, agentic systems are not just tools; they are actors. They can set subgoals, interact with other agents, and adapt to changing environments. This autonomy brings new safety challenges:
– **Unpredictable Decision-Making:** Agents can make choices that are difficult to audit or anticipate, especially in multi-agent environments.
– **Expanded Attack Surface:** Memory poisoning, tool misuse, and privilege compromise are now top threats, alongside classic issues like prompt injection and data leakage.
– **Emergent Behaviors:** Agents can collude, compete, or even “scheme” in ways that defy simple rule-based controls ([UC Berkeley](https://scet.berkeley.edu/the-next-next-big-thing-agentic-ais-opportunities-and-risks/)).
The Latest (Evilving) Safety Frameworks
1. MAESTRO and Modern Threat Modelling
Traditional frameworks such as STRIDE and PASTA are not fit for purpose in the agentic era. The MAESTRO framework, developed by the Cloud Security Alliance, offers a multi-layered approach that addresses agent-to-agent interactions, adversarial machine learning, and system-level risks (CSA). MAESTRO emphasises continuous monitoring, layered security, and explicit modelling of agent autonomy and environment.
2. NVIDIA’s Safety Recipe
NVIDIA’s safety recipe provides a comprehensive, enterprise-grade framework for building, deploying, and operating trustworthy agentic AI. It includes evaluation tools, content moderation, adversarial testing, and runtime guardrails to ensure alignment with both internal policies and external regulations (NVIDIA).
3. Best Practice: Human-in-the-Loop and Governance
Robust governance frameworks are essential. These should include:
- Continuous Risk Assessment: Regularly update threat models and risk registers as agents evolve.
- Human Oversight: Maintain a “human in the loop” for high-impact or irreversible actions.
- Transparent Decision-Making: Use explainable AI techniques and maintain detailed audit logs.
### 3. **Best Practices for Agentic AI Safety**
**A. Governance and Compliance**
– **Continuous Risk Assessment:** Regularly update threat models and risk registers as agents evolve.
– **Human Oversight:** Always keep a “human in the loop” for high-impact or irreversible actions.
– **Transparent Decision-Making:** Use explainable AI techniques and maintain detailed audit logs.
**B. Security Engineering**
– **Access Controls and Authorization Layers:** Restrict what agents can do, and monitor all actions.
– **Adversarial Testing:** Simulate attacks (prompt injection, memory poisoning) and stress-test agent behaviors.
– **Incident Response Plans:** Prepare for rollback, containment, and rapid recovery from agentic failures.
**C. Data and Privacy**
– **Data Minimization:** Limit the data agents can access and process.
– **Anonymization and Consent:** Ensure compliance with GDPR, CCPA, and sector-specific regulations.
**D. Continuous Monitoring**
– **Centralized Vulnerability Management:** Use platforms for real-time monitoring and automated alerts ([BetaNews](https://betanews.com/2025/07/28/navigating-the-hidden-dangers-in-agentic-ai-systems-qa/)).
– **Regular Audits:** Review training data, model updates, and agent actions for bias and drift.
Key Risks and How to Mitigate Them
Recent research and industry experience highlight several critical risks:
- Inaccuracies and Hallucinations: Large Language Models (LLMs) can generate plausible but false information, leading to harmful autonomous interventions (TNGlobal).
- Bias and Discrimination: Agentic AI can perpetuate and amplify biases present in data, resulting in unfair outcomes.
- Loss of Control: Systems may deviate from their intended purpose, operating in unforeseen ways.
- Privacy and Security Violations: Autonomous agents can inadvertently leak sensitive data or breach compliance requirements.
Mitigation strategies include:
- Data Quality Assurance: Ensure data integrity before and during model training and deployment.
- Input and Output Guardrails: Implement robust content filters, anonymisation, and confidence thresholds.
- Infrastructure Security: Use encryption, self-hosted models, and strict data governance.
- Model and Data Governance: Treat agentic AI as a product, with formal reviews, sign-offs, and continuous monitoring.
### 4. **Emerging Research and Unsolved Challenges**
**A. Multi-Agent Safety:**
Recent work highlights the risks of agent collusion, competition, and emergent “scheming” behaviors ([UC Berkeley](https://scet.berkeley.edu/the-next-next-big-thing-agentic-ais-opportunities-and-risks/)). New protocols are needed for agent-to-agent trust, negotiation, and conflict resolution.
**B. Long-Term Planning Agents (LTPAs):**
Bengio, Russell et al. (2024, *Science*) argue that LTPAs—agents with open-ended, long-term goals—pose profound alignment and control risks, recommending strict regulatory controls.
**C. Supply Chain and Model Provenance:**
As agents increasingly rely on third-party models and data, supply chain security and provenance tracking are critical but underdeveloped areas.
**D. Societal and Ethical Risks:**
Agentic AI can now simulate human behavior with high fidelity (Park et al., 2024), raising concerns about deepfakes, manipulation, and privacy.
In my own work, I have emphasised the need for a holistic approach to agentic AI safety and governance. My “10 Agentic Model Protocols” provide a practical blueprint for organisations to assess, monitor, and govern agentic systems throughout their lifecycle. These protocols stress the importance of:
- Holistic Risk Assessment: Evaluating not just individual agents, but their interactions and emergent behaviours.
- Lifecycle Governance: Embedding safety checks from design through to deployment and operation.
- Societal and Ethical Considerations: Ensuring agentic AI aligns with broader societal values and legal requirements.
For further reading, see my series on agentic AI safety and governance, including Guardians of Autonomy: Navigating the Safety Imperative in the Age of Agentic AI.
The Road Ahead: Responsible Innovation
Agentic AI offers immense potential, but only if developed and deployed responsibly. The future will demand:
- Layered, AI-Specific Threat Models: Move beyond generic frameworks; use MAESTRO or similar for agentic systems.
- Investment in Explainability and Auditability: Make agent decisions traceable and challengeable.
- Collaboration on Standards: Engage with industry groups to shape evolving best practices and regulatory frameworks.
### 5. **What’s Next? The Road to Responsible Agentic AI**
– **Adopt Layered, AI-Specific Threat Models:** Move beyond generic frameworks; use MAESTRO or similar for agentic systems.
– **Invest in Explainability and Auditability:** Make agent decisions traceable and challengeable.
– **Prioritize Human Oversight:** Especially for high-stakes or open-ended agent actions.
– **Collaborate on Standards:** Engage with industry groups (CSA, OpenAI, FLI) to shape evolving best practices and regulatory frameworks ([Future of Life Institute AI Safety Index](https://futureoflife.org/ai-safety-index-summer-2025/)).
– **Prepare for the Unknown:** The field is moving fast; continuous learning and adaptation are essential.
References
- Soon, L. (2024-2025). Guardians of Autonomy: Navigating the Safety Imperative in the Age of Agentic AI. LinkedIn
- Soon, L. (2024-2025). 10 Agentic Model Protocols You Should Know About.
- Navigating the hidden dangers in agentic AI systems
- Roadmap to Agentic AI Implementation
- Advancing Agentic AI: Navigating opportunities and bolstering safety
- Safeguard Agentic AI Systems with the NVIDIA Safety Recipe
- [Agentic AI Security: Challenges and Best Practices in 2025 (Aisera)](https://aisera.com/blog/agentic-ai-security/)
- [MAESTRO Threat Modeling Framework (CSA)](https://cloudsecurityalliance.org/blog/2025/02/06/agentic-ai-threat-modeling-framework-maestro)
– [UC Berkeley: Agentic AI’s Opportunities and Risks](https://scet.berkeley.edu/the-next-next-big-thing-agentic-ais-opportunities-and-risks/)
– [IBM: AI Agents in 2025 – Expectations vs. Reality](https://www.ibm.com/think/insights/ai-agents-2025-expectations-vs-reality)
– [BetaNews: Navigating the Hidden Dangers in Agentic AI Systems](https://betanews.com/2025/07/28/navigating-the-hidden-dangers-in-agentic-ai-systems-qa/)
– [Future of Life Institute: 2025 AI Safety Index](https://futureoflife.org/ai-safety-index-summer-2025/)
Conclusion
Agentic AI is here to stay, and its promise is matched only by its peril. By embracing new frameworks, prioritising transparency and human oversight, and staying ahead of emerging risks, we can harness the power of agentic AI—safely, ethically, and for the benefit of all.
Genesis: Human Experience in the Age of Artificial Intelligence 
Leave a comment