All resources
Whitepapers
May 6, 2026

Beyond the Model: The Expanded Attack Surface of AI Agents

Guardrails aren't enough. Watch Airia & CISO James Azar unpack the real attack surface of AI agents — and how to defend it.

Watch Now – Beyond the Model: The Expanded Attack Surface of AI Agents

This webinar from Airia, hosted on the Hacker News webinar series, features **Rahul Parwani,**Head of Product for Security Solutions at Airia, in conversation with CISO and moderator James Azar. The discussion explores why securing AI agents requires a fundamentally different approach than securing traditional AI models or LLMs alone.

The core argument: Guardrails alone are not enough. When organizations move from simple chatbots to agents with tools, data access, and autonomous capabilities, the attack surface expands dramatically. Traditional input/output filtering fails to address risks like indirect prompt injection, data exfiltration, and unintended tool actions.

Key Takeaways:

  • **Model security ≠ Agent security.**Agents with tools and data access have far more attack vectors than standalone LLMs.
  • Guardrails are necessary but insufficient. They can’t stop malicious actions once a prompt injection bypasses detection.
  • Indirect prompt injection is the top threat. Malicious instructions hidden in data sources can hijack agents without user input.
  • Real exploits exist today. Microsoft Copilot vulnerabilities have enabled zero-click data exfiltration.
  • Use multi-layered security. Combine guardrails, intent analysis, deterministic tool constraints, and parameter validation.
  • “Security in the prompt” doesn’t work. System prompt instructions can be overridden by injections.
  • Apply least-privilege access to agents. Grant only the minimum permissions needed for each task.
  • Agentic identity is emerging. Short-lived, scoped agent identities (via Entra, Okta, etc.) are becoming essential.