Why Security Matters: The Risks of Agentic AI and How to Mitigate Them
Byte Size (INTERMEDIATE level)
Room B1
The hype around AI agents is in full swing, with Anthropic's Model Context Protocol (MCP) being the highly popular, de facto standard for connecting agents to external tools that access files, networks, and APIs. Here, unfortunately, security has once again been left as an afterthought. Ever since LLMs were given the ability to interact with your computer and environment via tool calls and MCP, not much has been done about security. So, how can we secure AI agent-based systems before we end up in a security nightmare?
In this session for AI, security, and software engineers, we shed some light on the security challenges of agentic AI systems and how to mitigate them. We show how the application of a permission-based access control mechanism can encapsulate MCP servers that are otherwise executed with full privileges. We discuss how our solution comes at little to no performance cost and is compatible with the current implementations of MCP servers, allowing for easy adoption.
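To make the idea of encapsulating an MCP server behind a permission check concrete, here is an added illustration that is not the speakers' implementation and is not taken from this talk. It models a deny-by-default policy layer sitting between an MCP client and a server: every JSON-RPC tools/call request is checked against a per-server permission set (which tools may run, which file paths may be read, which hosts may be contacted) before it is forwarded. The tool names (read_file, http_get), their argument names, the policy structure, and the sample requests are all assumptions constructed for the example.

```python
# Added illustration: a deny-by-default permission gate for MCP tool calls.
# Not the speakers' implementation; tool names, argument names and the
# policy format are assumptions chosen for this example.
import fnmatch
import os
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse


@dataclass
class Permissions:
    """What one MCP server is allowed to do, declared per server."""
    tools: set[str] = field(default_factory=set)         # tool names that may be invoked
    read_paths: list[str] = field(default_factory=list)  # glob patterns for readable files
    hosts: set[str] = field(default_factory=set)         # hosts outbound requests may target


# Which argument carries a path or a URL for each tool (assumed tool schemas).
PATH_ARGS = {"read_file": "path"}
URL_ARGS = {"http_get": "url"}


def authorize(request: dict, perms: Permissions) -> tuple[bool, str]:
    """Decide one JSON-RPC request. Only 'tools/call' is policed here;
    other methods (initialize, tools/list, ...) pass through unchanged."""
    if request.get("method") != "tools/call":
        return True, "not a tool call"
    params = request.get("params") or {}
    tool = params.get("name")
    args = params.get("arguments") or {}

    # Deny by default: a tool the policy does not name is never executed.
    if tool not in perms.tools:
        return False, f"tool {tool!r} not permitted"

    if tool in PATH_ARGS:
        raw = str(args.get(PATH_ARGS[tool], ""))
        # Normalize lexically so '..' segments cannot escape the allowed prefix.
        # A production gate would also resolve symlinks (os.path.realpath)
        # relative to the server's working directory.
        path = os.path.normpath(raw)
        if not os.path.isabs(path) or not any(
            fnmatch.fnmatchcase(path, pat) for pat in perms.read_paths
        ):
            return False, f"path {path!r} outside allowed paths"

    if tool in URL_ARGS:
        host = urlparse(str(args.get(URL_ARGS[tool], ""))).hostname or ""
        if host not in perms.hosts:
            return False, f"host {host!r} not permitted"

    return True, "ok"


def gate(request: dict, perms: Permissions) -> Optional[dict]:
    """Return None to forward the request to the MCP server, or a JSON-RPC
    error response to send straight back to the client instead."""
    allowed, reason = authorize(request, perms)
    if allowed:
        return None
    return {
        "jsonrpc": "2.0",
        "id": request.get("id"),
        "error": {"code": -32001, "message": f"denied by policy: {reason}"},
    }


def tool_call(req_id: int, name: str, **arguments) -> dict:
    """Build a constructed 'tools/call' request for demonstration."""
    return {"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
            "params": {"name": name, "arguments": arguments}}


if __name__ == "__main__":
    # Constructed policy for a hypothetical filesystem + HTTP server.
    perms = Permissions(tools={"read_file", "http_get"},
                        read_paths=["/home/user/project/*"],
                        hosts={"api.example.com"})
    for req in (
        tool_call(1, "read_file", path="/home/user/project/notes.md"),
        tool_call(2, "read_file", path="/home/user/project/../.ssh/id_ed25519"),
        tool_call(3, "http_get", url="http://169.254.169.254/latest/meta-data/"),
        tool_call(4, "run_shell", command="id"),
    ):
        print(req["id"], gate(req, perms) or "forwarded")
```

Because the gate only inspects and passes through JSON-RPC messages, the MCP server behind it needs no changes; the permission set is declared per server, so a filesystem server can be limited to one project directory and a network server to a handful of hosts, instead of both inheriting the full privileges of the user running the agent.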
Christoph Bühler
Programming-Group - University of St. Gallen
I am a research assistant with the Programming group at the University of St. Gallen. I am working on recent topics in the context of Software Engineering. Currently, my goal is to improve the current state of Infrastructure as Code (IaC) as well as Security in the context of the AI age.
I joined the programming group in July 2024, after nine wonderful years at smartive AG in St. Gallen, Switzerland. My passion for exploring new technologies and solving complex problems has always driven my learning process. My Master's thesis at the University of Applied Sciences OST (formerly HSR) revolved around identity security and authentication in heterogeneous systems.
Since September 2024, I have been enrolled in the Master's program in Computer Science at the University of St. Gallen, after which I will continue my research in the Programming group, enrolling in the PhD program under the supervision of Prof. Dr. Guido Salvaneschi. During my studies at HSG, and with my Master's thesis, I focus on testing and verification of IaC programs.
When I am not trying out new technologies or working on my research, I enjoy spending time with my beautiful wife and our kid. I also love playing video games, snowboarding, and Lindy Hop dancing.