The shift from passive LLMs to autonomous, agentic AI introduces a fundamentally new class of security risks. Unlike traditional stateless applications, AI agents are non-deterministic—they hold memory, interact dynamically with multiple APIs, and blur the lines between data and instructions. Existing enterprise security frameworks, built around static roles and predictable user behaviors, are completely blind to the dynamic reasoning and complex attack paths these systems create.

In this session of Offensive Engineering Live Sessions, Mahesh Kumar Goyal, a Senior Data and AI Engineer at Google specializing in advanced agentic AI systems and responsible AI architectures, walks through the mechanics of governing and securing autonomous workflows. He’s speaking independently, and the views he shares are his own.

The conversation covers:

• Why the non-deterministic nature of agents breaks traditional identity and access management (IAM) frameworks

• How the line between data and code blurs when documents and log files become instructions for an AI

• Why prompt injection is evolving into the SQL injection of the agentic era, capable of poisoning long-term memory

• The critical need to treat an agent’s memory like a database with isolated, ephemeral context windows

• Why relying on standard enterprise observability and EDR tools for agentic workflows is a dangerous enterprise misconception

• Mandatory governance controls for production, from centralized agent inventories to unique cryptographic identities and short-lived tokens