Agent Factory: Creating a blueprint for safe and secure AI agents

Azure AI Foundry integrates security, safety, and governance through a structured process that businesses can use to cultivate trust in their AI agents.

This blog post concludes the six-part series titled Agent Factory, offering best practices, design patterns, and tools to assist you in adopting and developing intelligent AI.

Trust: The Next Challenge

Establishing trust has quickly become a major challenge in the realm of enterprise AI. Think of observability as the ability to see, while security is about ensuring safe steering. As AI agents transition from mere prototypes to vital business components, organisations are grappling with a tough question: how can we ensure our agents remain secure and manageable as they grow and evolve?

The solution isn’t a scattered array of quick fixes; it’s a comprehensive strategy. A layered approach puts trust first, combining identity, guidelines, evaluations, adversarial testing, data protection, monitoring, and governance into one design.

Why Businesses Should Establish Their Blueprint Now

We’re hearing similar worries across various sectors:

  • CISOs are concerned about the growth of agents and unclear accountability.
  • Security teams require guidelines that fit seamlessly into their established workflows.
  • Developers seek built-in safety features from day one rather than at the end of the process.

These challenges are driving what is known as the shift left phenomenon: responsibilities for security, safety, and governance are entering the developer workflow much earlier. Teams must not wait until agents are ready for launch to address these issues; they need integrated protections, assessments, and policies from the start.

Data breaches, prompt injections, and uncertainty surrounding regulations are significant obstacles to AI adoption. For enterprises today, trust is critical in determining whether agents can advance from pilot schemes to full-fledged production.

Characteristics of Safe and Secure Agents

When it comes to enterprise adoption, five key attributes stand out:

  • Distinct Identity: Every agent is identifiable and tracked throughout its lifecycle.
  • Data Protection by Default: Sensitive data is classified and governed to minimise the risk of oversharing.
  • Integrated Controls: Tools like harm and risk filters, threat mitigations, and grounding checks are implemented to minimise unsafe outcomes.
  • Threat Evaluations: Agents undergo testing with automated safety checks and adversarial prompts pre-launch and during their active phase.
  • Ongoing Surveillance: Telemetry links to enterprise security and compliance tools for timely investigations and responses.

While these traits do not promise absolute safety, they are vital for crafting trustworthy agents that comply with enterprise standards. Incorporating these aspects highlights Microsoft’s commitment to promoting trustworthy AI. Layers of protection are integrated across the model, system, policy, and user experience levels, continually refined as agents evolve over time.

How Azure AI Foundry Facilitates This Blueprint

A view of security settings and agent controls inside Azure AI Foundry.

Azure AI Foundry merges capabilities in security, safety, and governance within a structured process that organisations can use to foster trust in AI agents.

  • Entra Agent ID:
    Coming soon, each agent developed in Foundry will receive a unique Entra Agent ID, giving visibility into all active agents within a tenant and helping to reduce the number of unmonitored agents.
  • Agent Controls:
    Foundry introduces first-of-its-kind comprehensive agent controls. It’s the only AI platform that includes a cross-prompt injection classifier, which scans not only prompt documents but also tool responses, email triggers, and other untrusted sources to tag, block, and neutralise malicious commands. Additionally, it offers controls to stop misaligned tool actions and high-risk activities and to protect sensitive data, including harm and risk filters, grounding checks, and protected material detection.
    An example of how Azure AI Foundry flags prompts for security risks.
  • Risk and Safety Evaluations:
    These evaluations create a feedback loop throughout the entire lifecycle. Teams can run harm and risk checks, groundedness scoring, and protected-material scans both pre-launch and while in operation. The Azure AI Red Teaming Agent and the PyRIT toolkit simulate adversarial prompts at scale, testing behaviours and identifying vulnerabilities to boost resilience before any incidents reach production.
  • Data Control using Your Own Resources:
    The standard agent setup in the Azure AI Foundry Agent Service allows businesses to utilise their own Azure resources, including file storage, search capabilities, and conversation history storage. This means the data processed by Foundry agents stays within the tenant’s boundaries, safeguarded by the organisation’s security, compliance, and governance frameworks.
  • Network Isolation:
    The Foundry Agent Service offers private network isolation through custom virtual networks and subnet delegation. This arrangement ensures that agents operate within a restricted network scope and securely interact with sensitive customer data according to enterprise protocols.
  • Microsoft Purview:
    Microsoft Purview extends data security and compliance to AI workloads. Agents in Foundry can adhere to Purview’s sensitivity labels and Data Loss Prevention policies, ensuring the data protections apply to agent outputs as well. Compliance teams can leverage Purview Compliance Manager and related tools to evaluate compliance with frameworks like the EU AI Act and NIST AI RMF, securely managing sensitive customer data according to their regulations.
  • Microsoft Defender:
    Foundry displays alerts and recommendations from Microsoft Defender directly within the agent’s environment, giving developers and administrators insight into potential issues such as prompt injection attempts, unsafe tool actions, or unusual behaviours. This telemetry is also streamed to Microsoft Defender XDR, enabling security operations teams to investigate incidents alongside other alerts using their established procedures.
  • Governance Collaborators:
    Foundry collaborates with governance partners like Credo AI and Saidot. These integrations enable businesses to correlate evaluation results with frameworks, including the EU AI Act and the NIST AI Risk Management Framework, facilitating the demonstration of responsible AI practices and regulatory compliance.

The Blueprint in Action

The following practices stand out from enterprise adoptions to date:

  1. Begin with Identity: Assign Entra Agent IDs to create visibility and avoid sprawl.
  2. Integrated Controls: Implement Prompt Shields, harm and risk filters, groundedness checks, and protected material detection.
  3. Ongoing Evaluation: Execute harm and risk assessments, groundedness scoring, scans for protected materials, and adversarial testing with the Red Teaming Agent and PyRIT both pre-launch and during production.
  4. Safeguard Sensitive Data: Use Purview labels and Data Loss Prevention measures to ensure protections are upheld in agent outputs.
  5. Monitor via Enterprise Tools: Stream telemetry into Defender XDR and utilise Foundry observability for active oversight.
  6. Link Governance to Regulation: Engage governance partners to align evaluation data with frameworks like the EU AI Act and NIST AI RMF.

Customer Success Stories

Organisations are already developing security blueprints using Azure AI Foundry:

  • EY utilises Azure AI Foundry’s leaderboards and evaluations to assess models based on quality, cost, and safety, allowing for the confident scaling of their solutions.
  • Accenture is employing the Microsoft AI Red Teaming Agent to simulate adversarial prompts at scale, enabling their teams to validate not only individual feedback but also comprehensive multi-agent workflows under pressure before going live.

Explore Further

Did you catch the previous posts in the Agent Factory series?