Building Agentic AI for Security: Architecture, Threat Modelling, and the Audit Trail You Will Actually Need
The first article in this series covered the strategic and governance considerations for deploying agentic AI in a security context — control postures, the human-in-loop vs on-loop distinction, and the compliance position. If you have not read it, I would suggest starting there. This article is for the architects and engineers who now need to build the system. I will cover reference architecture, how to threat model an agentic pipeline, practical prompt-injection defences, and what your audit trail needs to look like if it is going to hold up under scrutiny. ...