Secure Agentic AI with Tokens & Delegation

Prevent credential replay, rogue agents and over-permissioning in agentic flows by giving every agent a verifiable identity, carrying the user's authority in a delegation token, exchanging that token at each hop for one scoped to the next hop only, and brokering last-mile tool access through a vault that issues short-lived credentials.

Mitigate Credential Replay and Man-in-the-Middle Attacks

In a typical agentic flow (user to chat interface, orchestrator, one or more AI agents, MCP servers, tools) the user's token passes through many hands, and credential replay occurs when an attacker captures it and presents it again: through a prompt injection that coaxes an LLM into emitting a token it has seen, or by intercepting traffic on an unencrypted hop. Counter this by putting every hop behind TLS or, better, mutual TLS so that both ends are authenticated; by keeping any credential at rest encrypted; and by never placing identity tokens in an LLM's context, since the model only needs the task prompt and anything in its context can be exfiltrated by injection. Tokens then move only between authenticated components, and the user's privileges are exercised only where the flow intends.

Establish Verifiable Agent Identities and Delegation

A rogue agent spoofs an identity to reach tools or other agents; impersonation is the related case where an agent claims to act for a user without any proof. Register every agent with the company identity provider so that it has its own credential, and authenticate at each boundary (agent to agent, agent to MCP server), rejecting any caller that cannot prove who it is. For delegation, once both the user and the agent have authenticated, have the identity provider issue a single token that carries both identities: the subject (sub) claim identifies the user and the actor (act) claim identifies the agent, the arrangement standardized in OAuth 2.0 Token Exchange (RFC 8693). Every downstream component can then verify that this agent is acting on behalf of that verified user instead of accepting an unvalidated claim.

Enforce Token Propagation and Least Privilege Scopes

A single long-lived, broadly scoped token carried through every hop is exactly what an attacker hopes to capture. Instead, perform a token exchange at each node (agent to agent, agent to MCP server): the receiving component presents the token it was given to the identity provider and gets back a new one whose audience is the next hop only and whose lifetime is short, so a token taken from one hop is rejected everywhere else. Narrow the scope at the same time: agent 1's token is valid only for agent 2; agent 2's exchanged token carries only the scopes the target tool needs, addressed to the MCP server that fronts it. This applies least privilege end to end: the user may hold broad rights, but the flow only ever carries the permissions the prompt actually requires, which is what prevents over-permissioning.

Secure Last-Mile Tool Access with Vaults

The final hop, from the MCP server to the tool's API, often sits outside the token flow because the tool expects its own credential, and the tempting shortcut is to store that credential on the MCP server, where a compromise of the server exposes it. Instead, integrate a secret vault: the MCP server presents its flow token to the vault, which verifies it and returns a temporary, short-lived credential for that tool and nothing else. No persistent tool credential is left on the MCP server, and trust runs end to end from the user's prompt through the tool call to the results flowing back.
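The three sections above (delegation token, per-hop exchange, vault-brokered last mile) in working form, as an added example that is not from the video or from IBM: a toy identity provider mints HMAC-signed JWTs with sub for the user and act for the agent, each hop exchanges the token it received for one addressed only to the next hop with a scope no wider than it already holds, and a vault swaps the final flow token for a 60-second tool credential. The agent and hop names (agent-1, agent-2, mcp-crm, vault), the scope names, the HS256 key and the RFC 8693-style nested act chain are assumptions of this example; it uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo: one company IdP signs every flow token. The key, hop names and
# scope names are hypothetical; a real IdP would sign with an asymmetric key and
# publish a JWKS so that no hop has to hold a signing secret.
IDP_KEY = b"demo-idp-signing-key-not-for-production"
REGISTERED_AGENTS = {"agent-1", "agent-2", "mcp-crm"}  # anything else is rejected
TOOL_SCOPE = {"crm": "crm.read"}                        # scope the vault demands per tool

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict) -> str:
    """Mint a compact HS256 JWT (header.payload.signature) over the claims."""
    header = b64url(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(IDP_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def verify(token: str, audience: str, now: float) -> dict:
    """Accept only a token signed by the IdP, unexpired and addressed to `audience`."""
    header, payload, mac = token.split(".")
    expected = hmac.new(IDP_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(mac)):
        raise PermissionError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if claims["exp"] <= now:
        raise PermissionError("expired")
    if claims["aud"] != audience:  # a token captured at one hop is useless at another
        raise PermissionError(f"token is for {claims['aud']!r}, presented to {audience!r}")
    return claims

def issue_delegation_token(user, agent, next_hop, scope, now, ttl=300) -> str:
    """First token of the flow, minted once user and agent have both authenticated:
    `sub` is the user, `act` is the agent acting on the user's behalf."""
    if agent not in REGISTERED_AGENTS:
        raise PermissionError(f"unregistered agent {agent!r}")
    return sign({"sub": user, "act": {"sub": agent}, "aud": next_hop,
                 "scope": sorted(scope), "iat": now, "exp": now + ttl})

def exchange(incoming, caller, next_hop, scope, now, ttl=300) -> str:
    """Per-hop exchange in the style of RFC 8693: `caller` presents the token it received
    and gets one for `next_hop` only, scope no wider than held, itself added to the act chain."""
    if caller not in REGISTERED_AGENTS:
        raise PermissionError(f"unregistered agent {caller!r}")
    claims = verify(incoming, audience=caller, now=now)
    if not set(scope) <= set(claims["scope"]):
        raise PermissionError("requested scope exceeds the scope already held")
    return sign({"sub": claims["sub"], "act": {"sub": caller, "act": claims["act"]},
                 "aud": next_hop, "scope": sorted(scope), "iat": now, "exp": now + ttl})

def actor_chain(act: dict) -> list:
    """Flatten the nested `act` claim into [current actor, ..., first agent]."""
    return [act["sub"]] + actor_chain(act.get("act")) if act else []

def vault_issue_credential(flow_token, tool, now, ttl=60) -> dict:
    """Last mile: the vault checks the flow token and hands the MCP server a short-lived,
    tool-specific credential; no long-lived tool secret is ever stored on the MCP server."""
    claims = verify(flow_token, audience="vault", now=now)
    if TOOL_SCOPE[tool] not in claims["scope"]:
        raise PermissionError(f"flow token lacks {TOOL_SCOPE[tool]!r}")
    return {"tool": tool, "on_behalf_of": claims["sub"], "via": actor_chain(claims["act"]),
            "secret": secrets.token_urlsafe(24), "exp": now + ttl}

def forge_scope(token: str, scope: list) -> str:
    """What a compromised hop might try: rewrite the payload but keep the old signature."""
    header, payload, mac = token.split(".")
    claims = json.loads(b64url_decode(payload))
    claims["scope"] = scope
    return f"{header}.{b64url(json.dumps(claims, separators=(',', ':')).encode())}.{mac}"

def run_flow(now: float) -> dict:
    """user -> agent-1 -> agent-2 -> MCP server -> vault -> tool, narrowing at each hop."""
    t1 = issue_delegation_token("alice", "agent-1", "agent-2", {"crm.read", "crm.update"}, now)
    t2 = exchange(t1, "agent-2", "mcp-crm", {"crm.read"}, now)  # agent-2 only needs read
    t3 = exchange(t2, "mcp-crm", "vault", {"crm.read"}, now)
    return {"t1": t1, "t2": t2, "t3": t3, "cred": vault_issue_credential(t3, "crm", now)}

def rejects(action) -> bool:
    """True when `action()` is refused with PermissionError; shows what the design blocks."""
    try:
        action()
    except PermissionError:
        return True
    return False

if __name__ == "__main__":
    flow = run_flow(time.time())
    print("vault credential:", flow["cred"])
```

Run it directly to see the vault credential, which names the user and the full actor chain (mcp-crm, agent-2, agent-1) that acted for her. The rejects() helper is there for the four checks a practitioner should run against any such design: replaying agent-1's token at the MCP server (wrong audience), asking the exchange for a scope the caller does not hold, an unregistered agent calling the exchange, and a payload edited after signing.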

Video description
Ready to become a certified z/OS v3.x Administrator? Register now and use code IBMTechYT20 for 20% off of your exam → https://ibm.biz/BdpiZ2
Learn more about Agentic AI Security here → https://ibm.biz/BdpiZz

How do you build trust in agentic AI systems? 🤔 Grant Miller explains how to secure AI interactions with tokens, delegation, and verifiable agent identities. Learn how to prevent risks like credential replay and rogue agents while building secure, trustworthy workflows in agentic AI systems!

AI news moves fast. Sign up for a monthly newsletter for AI updates from IBM → https://ibm.biz/BdpiZq

#agenticai #aitrust #secureai

Summarized by x-ai/grok-4.1-fast via openrouter


© 2026 Edge