Agent Security Patterns: Defending Against Injection, Leakage, and Misuse

Calendar February 22, 2026
Agent-Tooling
Intermediate
Secure-Agent-Design, Threat-Modeling
Security, Prompt-Injection, Sandboxing, Secrets, Permissions
Python, Typescript, Docker

Agent Security Patterns#

An AI agent with tool access is a program that can read files, call APIs, execute code, and modify systems – driven by natural language input. Every classic security concern applies, plus new attack surfaces unique to LLM-powered systems. This article covers practical defenses, not theoretical risks.

Prompt Injection Defense#

Prompt injection is the most agent-specific security threat. An attacker embeds instructions in data the agent processes – a file, a web page, an API response – and the agent follows those instructions as if they came from the user.

Threat Modeling for Developers: STRIDE, Attack Surfaces, Data Flow Diagrams, and Prioritization

Calendar February 22, 2026
Security
Intermediate
Threat-Modeling, Attack-Surface-Analysis, Risk-Assessment, Security-Architecture
Threat-Modeling, Stride, Attack-Surface, Security-Design, Risk-Assessment, Sdl
Draw-Io, Owasp-Threat-Dragon, Microsoft-Threat-Modeling-Tool

Threat Modeling for Developers#

Threat modeling is the practice of systematically identifying what can go wrong in a system before it goes wrong. It is not a security team activity that happens once. It is a design activity that happens every time the architecture changes.

The output of threat modeling is not a report that sits in a wiki. It is a prioritized list of threats that becomes security requirements in the backlog.