Deploying a tool-calling agent is effectively onboarding a new employee who operates at a million actions per minute with database access and zero concept of consequences. While teams rely on compliance checklists or brittle "please don't leak data" prompts, the reality in the trenches is far more dangerous. If an agent's reasoning loop is hijacked, it doesn't need to breach your network perimeter; it abuses its legitimate privileges to execute destructive tool calls.
This talk is a no-frills, systems-level deep dive into securing agentic architectures at scale. Written from the perspective of an engineer who transitioned from full-stack and data engineering into product security, this session bypasses linguistic prompt engineering to focus on the actual plumbing of autonomous systems.
Main Takeaways:
- Shifting Security to the Execution Layer: Why securing the prompt layer is a fundamental design flaw, and how to implement policy-enforced boundaries at the tool and API integration layers instead.
- Detecting Compromised Agent Behavior: Practical approaches to monitoring an active agent's logic paths, data access patterns, and tool-use frequencies to catch anomalies before they cause damage.
- Architectural Trade-offs at Scale: How to balance agent autonomy with enterprise data controls, ensuring that security guardrails don't break system performance or reasoning capabilities.
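As an added illustration of the first two takeaways (not code from the talk or from the speaker), the following Python sketch puts the enforcement point where the abstract argues it belongs: a gateway between the model's chosen tool call and the real tool. The gateway checks each call against a per-agent grant (which tools, which tables, read-only or not) and keeps a sliding-window count of allowed calls per agent/tool pair so that a burst of tool use beyond the baseline quarantines the agent and lands in an audit log. The policy model, the agent identity `support-agent`, the `query_rows` tool and the sample tables are all constructed assumptions for the example.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Any, Callable

@dataclass(frozen=True)
class ToolPolicy:
    """Per-tool grant for one agent identity (hypothetical policy model)."""
    allowed_tables: frozenset[str]
    read_only: bool = True
    max_calls_per_window: int = 20

class PolicyViolation(Exception):
    """Call fell outside the granted boundary; the tool never ran."""
class AnomalyDetected(Exception):
    """Tool-use frequency exceeded the baseline; the agent is quarantined."""

@dataclass(frozen=True)
class AuditEvent:
    ts: float
    agent_id: str
    tool: str
    args: dict[str, Any]
    decision: str  # "allow", "deny" or "quarantine"
    reason: str

class ToolGateway:
    """Sits between the model's chosen tool call and the real tool implementation."""
    WINDOW_SECONDS = 60.0

    def __init__(self, tools: dict[str, Callable[..., Any]],
                 policies: dict[str, dict[str, ToolPolicy]], clock=time.monotonic):
        self._tools, self._policies, self._clock = tools, policies, clock
        self._calls = defaultdict(deque)  # (agent_id, tool) -> timestamps of allowed calls
        self.audit: list[AuditEvent] = []
        self.quarantined: set[str] = set()

    def _log(self, agent_id, tool, args, decision, reason):
        self.audit.append(AuditEvent(self._clock(), agent_id, tool, dict(args), decision, reason))
    def _deny(self, agent_id, tool, args, reason, exc=PolicyViolation, decision="deny"):
        self._log(agent_id, tool, args, decision, reason)
        raise exc(f"{agent_id}/{tool}: {reason}")

    def call(self, agent_id: str, tool: str, **args: Any) -> Any:
        if agent_id in self.quarantined:
            self._deny(agent_id, tool, args, "agent quarantined", AnomalyDetected)
        tp = self._policies.get(agent_id, {}).get(tool)
        if tp is None:
            self._deny(agent_id, tool, args, "tool not granted to agent")
        table = args.get("table")
        if table is not None and table not in tp.allowed_tables:
            self._deny(agent_id, tool, args, f"table {table!r} not in allowlist")
        if tp.read_only and args.get("mode", "read") != "read":
            self._deny(agent_id, tool, args, "write attempted on read-only grant")
        # Frequency baseline: sliding window of allowed calls per (agent, tool) pair.
        now = self._clock()
        window = self._calls[(agent_id, tool)]
        while window and now - window[0] > self.WINDOW_SECONDS:
            window.popleft()
        window.append(now)
        if len(window) > tp.max_calls_per_window:
            self.quarantined.add(agent_id)
            self._deny(agent_id, tool, args, f"{len(window)} calls in window",
                       AnomalyDetected, "quarantine")
        self._log(agent_id, tool, args, "allow", "within policy")
        return self._tools[tool](**args)

# Constructed sample data standing in for a real database.
SAMPLE_DB = {
    "tickets": [{"id": 1, "subject": "cannot log in"}],
    "payments": [{"id": 9, "card_last4": "4242"}],
}

def query_rows(table: str, mode: str = "read") -> list[dict[str, Any]]:
    """Stand-in tool; its write path is destructive, so the gateway must gate it."""
    if mode != "read":
        SAMPLE_DB[table].clear()
        return []
    return list(SAMPLE_DB[table])

def build_demo_gateway(clock: Callable[[], float] = time.monotonic) -> ToolGateway:
    grant = ToolPolicy(allowed_tables=frozenset({"tickets"}), max_calls_per_window=3)
    return ToolGateway({"query_rows": query_rows}, {"support-agent": {"query_rows": grant}}, clock)

def run_demo() -> list[tuple[str, str]]:
    """Replay a hijacked-agent sequence; return (decision, reason) per audit entry."""
    fake_now = [0.0]
    gw = build_demo_gateway(clock=lambda: fake_now[0])
    attempts = [{"table": "tickets"},                   # legitimate read
                {"table": "payments"},                  # outside the data boundary
                {"table": "tickets", "mode": "write"},  # destructive call on a read-only grant
                {"table": "tickets"}, {"table": "tickets"},
                {"table": "tickets"},                   # fourth read in the window -> quarantine
                {"table": "tickets"}]                   # already quarantined
    for args in attempts:
        fake_now[0] += 1.0
        try:
            gw.call("support-agent", "query_rows", **args)
        except (PolicyViolation, AnomalyDetected):
            pass
    return [(e.decision, e.reason) for e in gw.audit]
```

The point of the design is that nothing in the model's output is trusted: a tool call outside the grant never reaches the tool, every decision is written to the audit log with the arguments the agent tried to use, and the frequency check runs only on calls that already passed policy, so the baseline measures legitimate tool use rather than noise from denied attempts. In production the grant would come from an identity system and the window thresholds from observed baselines, and the clock injection shown here is what makes the detection logic testable.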
Interview:
What is the focus of your work these days?
I handle hands-on product security, where I review new architecture patterns, build features for account takeover (ATO) prevention, and issue security guidance across the company. Lately, I’ve extended that advisory role deeply into AI security. To ground my internal recommendations in hard data, I spend time actively proof-of-concepting (POCing) emerging agentic security tools to see what actually works. On the engineering side, I focus on making AI safer and more efficient by building frameworks to log and recreate an AI's 'thought process' for security audits, and designing graph-based agent tooling architectures that slash token usage and eliminate tool hallucinations.
What is the motivation behind your talk?
The current discourse around AI security is broken. It is dominated either by high-level compliance checklists or brittle system-prompt patches. Having transitioned from full-stack and data engineering into product security, I watched teams hand autonomous tools to agents while relying on "please do not leak data" prompts to protect the enterprise. I built this talk to show engineers that agentic security isn't a linguistics problem; it’s an architectural and data engineering problem that must be solved at the systems layer.
Who is your talk for?
Mid-to-senior software engineers, backend architects, data engineers, and product security practitioners who are actively moving autonomous, tool-calling agent systems out of the "sandbox demo" phase and into hardened, production-grade enterprise environments.
Speaker
Adrianna Valle
Product Security Engineer @Klaviyo, Author of "Engineering Secure Agentic Systems at Scale", Specializing in the Intersection of Quantitative Data Models and Autonomous System Security
Adrianna Valle handles hands-on product security at Klaviyo, where she specializes in AI security architectures, account takeover (ATO) prevention, and building secure architectural patterns. Transitioning from a background in full-stack and data engineering, Adrianna brings a practical, systems-level approach to enterprise defense. She is a no-frills communicator who favors straightforward, easy-to-understand concepts, ensuring her audience takes away the practical knowledge required to solve complex problems. Her current work focuses on making autonomous systems safer and more efficient, such as designing graph-based agent architectures that eliminate tool hallucinations and building frameworks to audit AI reasoning loops. A vocal advocate for shifting security from brittle prompt tuning to the data and execution layers, Adrianna is dedicated to providing engineers with the blueprints needed to move agentic systems out of the sandbox and securely into production.