Zero Trust Agent Systems that Pass Audits and Still Ship

Most agentic AI demos assume a greenfield environment. In a real enterprise, agents run inside strict boundaries where security, compliance, and incident response are non-negotiable. The core problem isn’t just hallucinations; it’s that tool-using agents can quietly become a new insider with the ability to query data, call APIs, and make changes faster than traditional controls were designed for.

This talk shares a practical blueprint for building agent systems with a Zero Trust mindset. I’ll walk through an architecture that treats agents as first-class identities, enforces least privilege at the tool layer (not the prompt layer), keeps context and retrieval bounded, and produces audit-ready observability so teams can explain what happened and prove control effectiveness. The session is grounded in patterns I use in production environments where SOC 2, ISO, and similar controls matter.
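As an added illustration of the pattern the abstract describes (this is not code from the talk or from the speaker's projects), the following Python sketch puts the enforcement point at the tool layer rather than the prompt: each agent carries its own identity and scopes, every tool call goes through one gateway that checks scope, clamps retrieval size, and writes an audit record. The names (`ToolGateway`, `tickets:read`, `search_tickets`) and the in-memory ticket data are assumptions constructed for the example.

```python
"""Tool-layer least-privilege gateway for an LLM agent (added example, hypothetical names)."""
import hashlib
import json
import time
import uuid
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple


@dataclass(frozen=True)
class AgentIdentity:
    """The agent is a principal of its own, bound to the human or service it acts for."""
    agent_id: str
    on_behalf_of: str
    scopes: frozenset  # granted by the identity system, never by prompt text


class PolicyDenied(Exception):
    pass


# Constructed sample data standing in for a ticketing backend (not real records).
TICKETS = [
    {"id": f"T-{n}", "status": "open", "owner": "alice" if n % 2 else "bob"}
    for n in range(1, 21)
]

TOOLS: Dict[str, Tuple[str, Callable[..., Any]]] = {}


def tool(name: str, scope: str):
    """Register a callable as a tool that requires `scope` to invoke."""
    def register(fn):
        TOOLS[name] = (scope, fn)
        return fn
    return register


@tool("search_tickets", "tickets:read")
def search_tickets(owner: str, limit: int) -> List[dict]:
    return [t for t in TICKETS if t["owner"] == owner][:limit]


@tool("close_ticket", "tickets:write")
def close_ticket(ticket_id: str) -> dict:
    for t in TICKETS:
        if t["id"] == ticket_id:
            t["status"] = "closed"
            return t
    raise KeyError(ticket_id)


class ToolGateway:
    """Every tool call passes through here; the model never reaches a tool directly."""

    def __init__(self, max_rows: int = 5):
        self.max_rows = max_rows      # hard cap on retrieval size, regardless of the prompt
        self.audit: List[dict] = []   # one structured record per decision

    def _record(self, **fields) -> dict:
        entry = {"request_id": str(uuid.uuid4()), "ts": time.time(), **fields}
        self.audit.append(entry)
        return entry

    def invoke(self, ident: AgentIdentity, name: str, args: dict) -> Any:
        # Hash the arguments so the trail is reproducible without copying data into logs.
        digest = hashlib.sha256(json.dumps(args, sort_keys=True).encode()).hexdigest()[:16]
        base = dict(agent_id=ident.agent_id, on_behalf_of=ident.on_behalf_of,
                    tool=name, args_sha256=digest)
        if name not in TOOLS:
            self._record(**base, decision="deny", reason="unknown_tool")
            raise PolicyDenied(f"unknown tool {name!r}")
        required, fn = TOOLS[name]
        if required not in ident.scopes:
            self._record(**base, decision="deny", reason=f"missing_scope:{required}")
            raise PolicyDenied(f"{ident.agent_id} lacks {required}")
        if "limit" in args:  # bound retrieval: clamp whatever the model asked for
            args = {**args, "limit": min(int(args["limit"]), self.max_rows)}
        try:
            result = fn(**args)
        except Exception as exc:
            self._record(**base, decision="allow", outcome="error", error=type(exc).__name__)
            raise
        rows = len(result) if isinstance(result, list) else 1
        self._record(**base, decision="allow", outcome="ok", rows_returned=rows)
        return result

    def audit_jsonl(self) -> str:
        """Audit trail as JSON lines, ready to ship to a SIEM."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.audit)


def demo() -> dict:
    gw = ToolGateway(max_rows=5)
    reader = AgentIdentity("support-triage-bot", "alice", frozenset({"tickets:read"}))
    rows = gw.invoke(reader, "search_tickets", {"owner": "alice", "limit": 100})
    # Even if an injected prompt tells the agent it "may close tickets", the scope decides.
    try:
        gw.invoke(reader, "close_ticket", {"ticket_id": "T-1"})
        denied = False
    except PolicyDenied:
        denied = True
    return {"rows": len(rows), "write_denied": denied, "audit": gw.audit}


if __name__ == "__main__":
    out = demo()
    print(out["rows"], out["write_denied"])
    print(ToolGateway().audit_jsonl() or "(audit on the demo gateway shown above)")
```

The point of the layout is that the prompt can say anything it likes; only the identity's scopes and the gateway's caps decide what actually executes, and every decision (allow, deny, error) leaves a record that names the agent, the principal it acted for, and the tool.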


Speaker

Advait Patel

Senior Site Reliability Engineer (DevSecOps + Cloud + AIOps) @Broadcom, Creator of DockSec, Docker Captain, and IEEE Senior Member

Advait Patel is a Senior Cloud Security and Site Reliability Engineer focused on securing and operating large-scale SaaS platforms across AWS and Google Cloud. His work spans Zero Trust architecture, vulnerability management, compliance-aligned controls (SOC 2/ISO-style environments), and reliability engineering for distributed systems. He is a Docker Captain, an IEEE Senior Member with leadership roles, and the creator of DockSec, an OWASP-adopted open-source project in container security. Advait regularly speaks at industry and security conferences, serves on technical program committees, and is an advisory committee member for conferences. He also publishes industry and research work in AI and cloud security and is an author/editor of multiple security books with Springer/Apress and Wiley.
