
Securing Agentic Systems: A CEO's Guide for AI Safety

Artificial intelligence – MIT Technology Review

Protegrity provides a guide for CEOs on securing agentic systems, emphasizing the need to treat AI agents like powerful users. The article stems from concerns about AI-orchestrated espionage and the failure of prompt-level controls. It outlines an eight-step plan, advocating for rule enforcement at the boundaries where agents interact with identity, tools, data, and outputs.

The core of the strategy involves constraining capabilities, controlling tools, and managing permissions. This includes treating agents as non-human principals with restricted access, approving tool usage, and binding credentials to tasks rather than models. The goal is to limit potential damage from compromised agents. The EU AI Act's focus on cyber-resilience underscores the importance of these measures.

Further, the guide underscores the importance of safeguarding data and behaviors through strict control of inputs, outputs, and privacy: every output should be validated before it is acted on or released, and sensitive data should be protected wherever an agent can reach it. Continuous evaluation through red teaming and robust logging is recommended. The ultimate goal is to prove governance and resilience in the face of potential threats.

Finally, the article stresses the need for governance, inventory, and audit. Businesses should maintain a comprehensive catalog of agents, their permissions, and a unified log of actions. The ability to reconstruct an agent's decision-making process is critical. The article concludes by shifting the focus from guardrails to comprehensive system-level security.