From Prompt Injection to Permission Boundaries: Security for AI Agents

Prompt injection gets the headlines, but the deeper risk in AI agents is permission misuse. If an agent can access sensitive data, call tools, or perform actions, then developers need to design security boundaries before the first prompt is written.

In this session, we’ll examine the security model for AI agents through a developer lens. Using Microsoft Entra ID and Agent 365 as the foundation, we’ll explore identity, delegated access, app permissions, consent, Conditional Access, auditability, and least-privilege tool design.

We’ll connect classic application security principles to new agentic risks: tool poisoning, confused deputy problems, excessive permissions, unsafe automation, and data exposure through retrieval or plugins.

This session is for developers and architects who want to build useful AI agents without creating invisible security liabilities.

Taswar Bhatti

Microsoft Lead AI & Security Cloud Solutions Architect

Istanbul, Turkey
