AI Security

Threat Modeling Agentic Workflows

As soon as an LLM can call tools, process untrusted inputs, and mutate state, the security surface changes. Treating these systems like plain chat interfaces is a mistake.

The interesting bugs are compositional

Prompt injection matters, but it is only part of the picture. In practice, risk emerges when model behavior, tool-use permissions, memory persistence, and weak validation line up in the wrong order.

That makes threat modeling for agentic workflows closer to systems design than prompt hygiene alone.

Constrain every boundary

Useful agentic systems still need tight boundaries. Tools should be scoped, outputs validated, permissions minimized, and actions auditable.

  • Separate retrieval context from executable instructions
  • Add allowlists around tools and parameter shapes
  • Log decision paths before actions are taken
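One way to enforce the three boundaries above at the point where an agent proposes a tool call, as an added example that is not code from the original post: a hypothetical gate that checks the tool name and parameter shape against an allowlist, writes the decision record before any side effect, and passes retrieved text to the handler as data rather than splicing it into instructions. The tool names, schema format and handler signature are assumptions constructed for this example.

```python
import hashlib
import json
import logging
from typing import Any, Callable

AUDIT = logging.getLogger("agent.audit")

# Constructed allowlist for this example: tool name -> required parameter types and limits.
TOOL_ALLOWLIST: dict[str, dict[str, Any]] = {
    "search_docs": {"params": {"query": str}, "max_len": {"query": 200}},
    "read_ticket": {"params": {"ticket_id": int}},
}


class ToolCallRejected(Exception):
    pass


def validate_call(tool: str, params: dict[str, Any]) -> None:
    """Reject any tool not on the allowlist, or any parameter set that deviates from its declared shape."""
    spec = TOOL_ALLOWLIST.get(tool)
    if spec is None:
        raise ToolCallRejected(f"tool not allowlisted: {tool}")
    expected = spec["params"]
    if set(params) != set(expected):
        raise ToolCallRejected(f"unexpected parameters for {tool}: {sorted(params)}")
    for name, typ in expected.items():
        if type(params[name]) is not typ:  # exact type: bool is not accepted where int is declared
            raise ToolCallRejected(f"{tool}.{name} must be {typ.__name__}")
        limit = spec.get("max_len", {}).get(name)
        if limit is not None and len(params[name]) > limit:
            raise ToolCallRejected(f"{tool}.{name} longer than {limit} chars")


def gate_tool_call(step_id: str, tool: str, params: dict[str, Any], retrieved_context: str, handler: Callable[..., Any]) -> dict[str, Any]:
    """Validate, write the audit record, then act; the record exists even if the handler later fails."""
    record = {
        "step": step_id,
        "tool": tool,
        "params": params,
        # Retrieved text is data: fingerprint it for the audit trail, never merge it into the instruction string.
        "context_sha256": hashlib.sha256(retrieved_context.encode()).hexdigest(),
        "decision": "allow",
    }
    try:
        validate_call(tool, params)
    except ToolCallRejected as exc:
        record["decision"] = f"deny: {exc}"
        AUDIT.warning(json.dumps(record))
        raise
    AUDIT.info(json.dumps(record))  # logged before the side effect happens
    record["result"] = handler(context=retrieved_context, **params)  # context arrives as a separate data field
    return record
```

A denied call still produces an audit record, so an investigator can reconstruct what the agent tried to do and why it was stopped.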

Security wins when workflows stay observable

If a team cannot reconstruct why an agent acted, then response and remediation will always lag behind failure. Auditability is part of the product, not an afterthought.