AI Security Series 1 – Applications and Agents

Introduction
The rapid advancement of AI technologies—particularly large language models (LLMs) and agentic systems—has transformed the way modern applications are built and operated. From personalized customer support chatbots to autonomous agents that perform multi-step reasoning and execute tasks on behalf of users, these intelligent systems are becoming integral to enterprise workflows.
However, as these systems grow in capability and autonomy, they also introduce novel security risks. Unlike traditional software, AI applications often involve probabilistic outputs, external tool integrations, and dynamic data flows, which challenge conventional security paradigms. As such, understanding the core architectures—such as Retrieval-Augmented Generation (RAG) pipelines and agentic execution patterns—is critical for establishing a security-aware foundation.
This document introduces basic architectural patterns for AI applications and agent-based systems, serving as a primer for further discussion on AI-specific security constructs. It lays the groundwork to explore how components like vector databases, tool interfaces, and orchestrated agents interact—and what implications they hold for system integrity, data protection, and operational safety.
Retrieval Augmented Generation (RAG)
Retrieval-Augmented Generation (RAG) is an architecture that enhances large language models (LLMs) by enabling them to access external knowledge sources during response generation. This approach allows AI systems to provide more accurate and contextually relevant outputs, especially when dealing with proprietary or dynamic information.
Relevance in Enterprise Solutions
- More grounded and verifiable outputs than traditional LLM-only responses, which makes RAG particularly effective for enterprise use cases where accuracy, relevance, and traceability are essential.
- Dynamic enforcement of authorization by retrieving only permitted content at query time, ensuring responses are tailored to a user’s access level. In contrast, LLMs trained directly on the data lack real-time access controls, risking exposure of sensitive information regardless of user permissions.
The components are as follows:
- User Interaction Layer serves as the frontend interface for users by providing chatbot, web interface, or API access.
- RAG / A-RAG Core Engine performs retrieval from vector databases using the embedding models and generates responses using the LLMs.
- Storage Layer stores vector representations of documents for retrieval.
- Data Ingestion Pipeline ingests raw data (e.g., PDFs, web pages, documents) from various sources, performs processing such as chunking, embedding, and permission tagging, and subsequently stores the result in vector stores for use during queries.
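The permission tagging at ingestion and the query-time authorization check described above are the security-relevant pieces of this pipeline. The following is an added example, not code from the original article or from any product: a toy vector store in which each chunk carries the groups allowed to read it, and retrieval filters on the caller's groups before ranking. The embedding is a constructed bag-of-words vector standing in for a real embedding model, and the documents, groups, and function names are assumptions of this example.

```python
"""Minimal RAG retrieval layer with permission tags enforced at query time.

Constructed example: the embedding is a toy bag-of-words vector, the documents
and user/group assignments are invented, and the names (Chunk, VectorStore,
retrieve_doc_ids) belong to this example, not to any real library.
"""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Chunk:
    """One ingested text chunk plus the permission tag attached at ingestion."""
    doc_id: str
    text: str
    allowed_groups: frozenset[str]
    vector: Counter = field(default_factory=Counter)


def embed(text: str) -> Counter:
    """Toy embedding: lower-cased word counts. Stands in for an embedding model."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse count vectors."""
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class VectorStore:
    """Storage layer: holds vectors together with their permission tags."""

    def __init__(self) -> None:
        self._chunks: list[Chunk] = []

    def ingest(self, doc_id: str, text: str, allowed_groups: set[str]) -> None:
        # Ingestion pipeline: chunk (one chunk per document here), embed, tag, store.
        self._chunks.append(Chunk(doc_id, text, frozenset(allowed_groups), embed(text)))

    def search(self, query: str, user_groups: set[str], k: int = 3) -> list[Chunk]:
        """Return the top-k chunks the caller is permitted to read.

        The permission filter runs BEFORE ranking, so restricted chunks never
        enter the candidate set and cannot influence what is returned.
        """
        qv = embed(query)
        permitted = [c for c in self._chunks if c.allowed_groups & user_groups]
        scored = sorted(((cosine(qv, c.vector), c) for c in permitted),
                        key=lambda sc: sc[0], reverse=True)
        # Drop zero-similarity chunks so unrelated permitted content is not padded in.
        return [c for score, c in scored if score > 0][:k]


def build_prompt(query: str, chunks: list[Chunk]) -> str:
    """Assemble the grounded prompt the LLM would receive (generation is out of scope)."""
    context = "\n".join(f"[{c.doc_id}] {c.text}" for c in chunks)
    return f"Answer using only the context below.\n\nContext:\n{context}\n\nQuestion: {query}"


def demo_store() -> VectorStore:
    """Constructed corpus: one public, one HR-restricted, one finance-restricted document."""
    store = VectorStore()
    store.ingest("handbook-1", "Employee handbook: vacation policy and holidays", {"all-staff"})
    store.ingest("hr-7", "Salary bands and compensation review for engineering", {"hr"})
    store.ingest("fin-3", "Q3 revenue forecast and compensation budget", {"finance"})
    return store


def retrieve_doc_ids(query: str, user_groups: set[str]) -> list[str]:
    """Document ids a user holding the given groups can retrieve for the query."""
    return [c.doc_id for c in demo_store().search(query, user_groups)]


if __name__ == "__main__":
    store = demo_store()
    for groups in ({"all-staff"}, {"all-staff", "hr"}, {"hr", "finance"}):
        hits = store.search("compensation review", groups)
        print(sorted(groups), "->", [c.doc_id for c in hits])
    print(build_prompt("compensation review", store.search("compensation review", {"hr"})))
```

The design point is that the filter is applied on the retrieval side with the caller's identity, not by asking the model to withhold content; a user in `all-staff` gets an empty context for a compensation query rather than a restricted chunk the LLM is then trusted to ignore.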
Agentic Application Architecture
Single Agent
Many components are very similar to those of the RAG architecture. For brevity, let’s look only at the additional components:
- Agent has the capability to perform multiple steps by working with LLMs.
- Tools provide access to enterprise data sources, internet searches, systems management, code repositories, and many other systems.
Multi Agent
An additional component in this architecture is:
- Router Agent has the capability to interact with multiple agents that specialize in specific actions, such as an email agent or a document agent, and is able to solve more complex problems by breaking down tasks and preparing a solution by orchestrating it across multiple agents.
In these agentic systems, multiple LLMs are used, each specializing in specific tasks or being more cost-effective for specific tasks. An example of this is GitHub Copilot, which would use GPT-3 to validate the user’s request followed by GPT-4 for the actual code generation.
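The single-agent and multi-agent descriptions above both turn on the tool layer: an agent takes several steps, each possibly invoking a tool, and a router agent decomposes a task across specialised agents. The following added example (not code from the original article or from any product) shows a tool registry that checks every call against the calling agent's allowlist and records an audit entry, a document agent and an email agent with different allowlists, and a router that splits a task into subtasks and dispatches them. The keyword-based routing and the stub tools are constructed stand-ins for the LLM planning and the real integrations; all names are this example's own.

```python
"""Router agent dispatching to specialised agents with per-agent tool allowlists.

Constructed example: the tools, agents and keyword routing are invented for
illustration. Names such as ToolRegistry, Agent and RouterAgent belong to this
example and do not refer to any real framework.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable


class ToolDenied(PermissionError):
    """Raised when an agent calls a tool outside its allowlist."""


@dataclass
class ToolRegistry:
    """Tool layer: every call is authorised against the caller's allowlist and logged."""
    tools: dict[str, Callable[[str], str]] = field(default_factory=dict)
    audit_log: list[tuple[str, str, str]] = field(default_factory=list)

    def register(self, name: str, fn: Callable[[str], str]) -> None:
        self.tools[name] = fn

    def call(self, agent: str, allowed: frozenset[str], tool: str, arg: str) -> str:
        if tool not in allowed:
            self.audit_log.append((agent, tool, "DENIED"))
            raise ToolDenied(f"{agent} is not permitted to call {tool}")
        self.audit_log.append((agent, tool, "ALLOWED"))
        return self.tools[tool](arg)


@dataclass
class Agent:
    """A specialised agent: a name, the tools it may use, and its multi-step plan."""
    name: str
    allowed_tools: frozenset[str]
    registry: ToolRegistry
    plan: Callable[["Agent", str], str]

    def use(self, tool: str, arg: str) -> str:
        # All tool access goes through the registry, which enforces the allowlist.
        return self.registry.call(self.name, self.allowed_tools, tool, arg)

    def run(self, task: str) -> str:
        return self.plan(self, task)


def document_plan(agent: Agent, task: str) -> str:
    # Step 1: retrieve matching documents; step 2: condense them.
    hits = agent.use("doc_search", task)
    return f"summary({hits})"


def email_plan(agent: Agent, task: str) -> str:
    # Step 1: look up the content to send; step 2: send it.
    body = agent.use("doc_search", task)
    return agent.use("send_email", body)


@dataclass
class RouterAgent:
    """Decomposes a task into subtasks and routes each to a specialised agent."""
    agents: dict[str, Agent]

    def route(self, subtask: str) -> Agent:
        # Keyword routing stands in for an LLM classification step.
        return self.agents["email"] if "email" in subtask.lower() else self.agents["document"]

    def run(self, task: str) -> list[str]:
        # Constructed decomposition rule: subtasks are separated by ' then '.
        return [self.route(sub).run(sub.strip()) for sub in task.split(" then ")]


def build_system() -> tuple[ToolRegistry, RouterAgent]:
    """Wire up stub tools and two agents with least-privilege allowlists."""
    registry = ToolRegistry()
    registry.register("doc_search", lambda q: f"docs matching '{q}'")
    registry.register("send_email", lambda body: f"email sent: {body}")
    registry.register("repo_write", lambda change: f"committed: {change}")  # granted to no agent
    doc_agent = Agent("document-agent", frozenset({"doc_search"}), registry, document_plan)
    mail_agent = Agent("email-agent", frozenset({"doc_search", "send_email"}), registry, email_plan)
    return registry, RouterAgent({"document": doc_agent, "email": mail_agent})


def out_of_scope_call(registry: ToolRegistry, router: RouterAgent) -> str:
    """A document agent directed to send mail is stopped at the tool layer, not by the model."""
    try:
        router.agents["document"].use("send_email", "anything")
    except ToolDenied:
        return registry.audit_log[-1][2]
    return "ALLOWED"


if __name__ == "__main__":
    registry, router = build_system()
    for result in router.run("summarise the onboarding guide then email the summary to the new hire"):
        print(result)
    print("out-of-scope call:", out_of_scope_call(registry, router))
    for entry in registry.audit_log:
        print(entry)
```

Two choices matter here for the access-control and provenance concerns raised in the conclusion: the allowlist lives in the registry rather than in the agent's prompt, so a model that is talked into an out-of-scope action still cannot perform it, and the audit log records the agent, tool and decision for every attempt, denied ones included.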
Conclusion
As AI-driven applications and agentic systems grow in complexity and influence, the need for secure and robust architectures becomes paramount. From Retrieval-Augmented Generation (RAG) pipelines to multi-agent orchestrated workflows, each layer introduces new challenges—and opportunities—for applying security best practices.
Understanding these foundational components—user interaction layers, vector databases, ingestion pipelines, agents, and tool integrations—is crucial to designing systems that are not only intelligent but also trustworthy. In particular, agentic architectures introduce dynamically adaptive behaviors, such as tool usage and multi-agent collaboration, that demand rigorous scrutiny around data access control, provenance tracking, permissioning, and identity management.
As we progress, embedding security into the very fabric of AI system design—from model interaction protocols to agent orchestration logic—will be essential to protect sensitive information, prevent misuse, and ensure ethical AI deployment. This foundational understanding will serve as a springboard for exploring more advanced security constructs such as auditability, adversarial robustness, sandboxed execution environments, and compliance-aware orchestration in future discussions.