Defence in depth for autonomous AI agents emphasises that security decisions must be made across multiple layers, with the application layer being the decisive one for safe production use.
The article outlines four mutually reinforcing patterns: design agents like microservices with bounded capabilities; enforce least permissions and zero-trust by ensuring every action is explicitly authorised; apply deterministic human-in-the-loop design so escalation and review are governed by code rather than the model; and treat agent identity as a security primitive to enable precise permissioning, lifecycle controls, and auditability.
It warns that agent systems introduce new threat classes such as agent hijacking, intent breaking, data leakage, supply chain compromise, and inappropriate reliance, and that existing risks are amplified when an agent is added. The integration of model, safety, and positioning layers remains important, but the application layer translates probabilistic model behaviour into deterministic outcomes and enables observable, auditable activity. Overall, secure autonomy is achieved by bounding autonomy through architecture, permissions, identity, and deterministic oversight from the start.
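The four patterns above, and the application-layer gate that turns model output into deterministic, auditable decisions, as an added Python illustration that is not code from the article: an agent identity carries a bounded tool set, every call is explicitly authorised, escalation to a human is decided by code rather than by the model, and each decision is logged against the identity. The tool names, the bulk-email threshold and the `PolicyGate`/`AgentIdentity` classes are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ESCALATE = "escalate"  # hand to a human reviewer; the model cannot override this


@dataclass(frozen=True)
class AgentIdentity:
    """Agent identity as a security primitive: a stable id plus a bounded tool set."""
    agent_id: str
    allowed_tools: frozenset


@dataclass
class PolicyGate:
    """Deterministic application-layer gate between the model and its tools (assumed design)."""
    review_required: frozenset           # tools that always need human sign-off
    audit_log: list = field(default_factory=list)

    def authorise(self, agent, tool, args):
        # Zero trust: deny by default, allow only what this identity is permitted to do.
        if tool not in agent.allowed_tools:
            decision = Decision.DENY
        # Human-in-the-loop is decided here in code, not by the model's own judgement.
        elif tool in self.review_required or self._high_impact(tool, args):
            decision = Decision.ESCALATE
        else:
            decision = Decision.ALLOW
        # Every decision is recorded against the agent identity for later audit.
        self.audit_log.append({"agent": agent.agent_id, "tool": tool, "decision": decision.value})
        return decision

    @staticmethod
    def _high_impact(tool, args):
        # Assumed rule: bulk outbound email to more than ten recipients needs review.
        return tool == "send_email" and len(args.get("recipients", [])) > 10


def run_demo():
    """Constructed scenario: a support agent attempts four tool calls."""
    agent = AgentIdentity("support-agent-01", frozenset({"read_ticket", "send_email"}))
    gate = PolicyGate(review_required=frozenset({"refund_customer"}))
    calls = [("read_ticket", {"id": 42}),
             ("send_email", {"recipients": ["a@example.test"]}),
             ("send_email", {"recipients": [f"u{i}@example.test" for i in range(20)]}),
             ("delete_database", {})]
    return [gate.authorise(agent, tool, args) for tool, args in calls], gate.audit_log
```

Calling `run_demo()` yields allow, allow, escalate, deny: the out-of-scope `delete_database` call never reaches a tool, and the bulk email is parked for review without the model being consulted.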