Securing agents

Year: 2026

Ankur Kotwal (Developer Advocate) · Yinon Costica (Co-Founder & VP of Product)

Segments (2)

  • 00:05:00 · Securing Agents with Agent Platform — Ankur Kotwal
    • The speaker demonstrates how to use Google Cloud’s Agent Platform, including Agent Gateway, Agent Identity, and IAM policies, to enforce fine-grained security and access control on AI agents.
  • 03:59:00 · Securing Code with Wiz — Yinon Costica
    • The speaker showcases how Wiz integrates with developer tools to scan code, identify exploitable risks using a ‘Red Agent’, and suggest code fixes using a ‘Green Agent’ to remediate vulnerabilities before deployment.

Products Announced (3)

  • 00:28:835 · Google Cloud Agent Platform (Demonstrated)
    • Agent Gateway for proxying and policy enforcement · Agent Identity for unique, immutable credentials · IAM Policies for granular, role-based access control
  • 05:09:415 · Wiz Red Agent (Demonstrated)
    • Acts as a friendly AI pentester · Exploits issues from the outside to validate risks · Identifies and validates attack paths in the Security Graph
  • 05:17:105 · Wiz Green Agent (Demonstrated)
    • Acts as a ‘fixer’ for identified vulnerabilities · Suggests root-cause remediations · Integrates with developer workflows and coding agents

Demos (2)

  • 00:47:00 ✓ · Agent Platform Policy Enforcement — Ankur Kotwal
    • The demo showed how to create an IAM policy in the Google Cloud console to restrict a ‘planner’ agent to read-only access on a financial data source, successfully blocking a request to change the budget.
  • 05:31:00 ✓ · Wiz Code-to-Cloud Remediation — Yinon Costica
    • The demo displayed the Wiz Security Graph identifying a critical attack path, then used the Wiz Green Agent within a code editor to automatically generate and apply code fixes for the vulnerability, which were then committed after a successful pre-commit scan.

Notable Quotes (4)

  • 02:14:645 — Ankur Kotwal:

    What happens in the planner needs to stay in the planner.

  • 03:39:155 — Ankur Kotwal:

    Our zero trust architecture comes with a zero budget policy for impromptu spending.

  • 06:24:995 — Yinon Costica:

    The Red Agent is the best AI attacker probing your environment, and it goes far beyond code analysis to focus on real risk to your deployed apps and APIs.

  • 09:21:555 — Ankur Kotwal:

    We no longer have to choose between developer velocity and security.

Visual Signals

On-screen (11)

  • 00:08:315 · Title slide: Securing agents
    • Introduces the topic of the presentation segment.
  • 00:29:155 · Diagram: 'Securing agents' architecture with Agent Registry, Runtimes, and Gateway.
    • Visually explains the components of the Agent Platform.
  • 00:50:885 · Google Cloud Console UI: 'Agent Platform / Gateways'
    • Shows the management interface for agent gateways.
  • 01:04:775 · Title slide: Agent Registry, Agent Identity
    • Highlights the concepts of agent registration and unique identities.
  • 02:35:985 · Title slide: Agent policies
    • Introduces the policy creation part of the demo.
  • 03:34:455 · Agent response: 'Access Restricted'
    • Confirms that the security policy created in the demo was successful.
  • 04:34:255 · Wiz logo
    • Introduces the partner company for the second half of the demo.
  • 05:33:915 · Wiz Security Graph UI
    • Shows the visual representation of cloud assets, agents, and their relationships, including a highlighted attack path.
  • 06:56:885 · Wiz AI Security Report inside a code editor
    • Demonstrates the integration of security findings directly into the developer’s workflow.
  • 07:37:655 · Title slide: Wiz Green Agent
    • Introduces the remediation agent from Wiz.
  • 08:40:455 · Terminal output: 'Wiz Security Scan (pre-commit): Passed. No issues found.'
    • Shows the final verification step, confirming the fixes were effective before the code is merged.

Stage (3)

  • 00:04:505 · Ankur Kotwal walks on stage to a podium with two monitors.
  • 04:15:875 · Yinon Costica walks on stage and shakes hands with Ankur Kotwal before they both stand at the podium.
  • 08:52:955 · The audience applauds after the successful demo.

Visual demos (2)

  • 00:47:00 · Google Cloud Console
    • The user navigates through the ‘Agent Platform’ UI, showing the ‘Gateways’, ‘Registry’, and ‘Policies’ sections. A new policy is created using dropdowns and text fields to restrict the ‘planner’ agent to read-only access.
  • 05:31:00 · Wiz Security Platform and Code Editor
    • A ‘Security Graph’ shows a visual map of an attack path. The view then switches to a code editor with an integrated ‘Wiz AI Security Report’ panel. Code diffs are shown as fixes are applied automatically, and finally, terminal output shows a successful pre-commit scan.

Key Topics

AI Agents · Cloud Security · Agent Security · Zero Trust Architecture · DevSecOps · Identity and Access Management (IAM) · Policy Enforcement · Vulnerability Scanning · Code Remediation · Google Cloud Agent Platform · Wiz Security · Prompt Injection · Attack Path Analysis · Role-Based Access Control (RBAC)

Takeaways

  • Google Cloud’s Agent Platform provides fine-grained governance for AI agents through components like Agent Gateway, unique Agent Identities, and IAM policies.
  • Securing agents involves restricting their capabilities, such as preventing open internet access or enforcing read-only permissions on sensitive data sources, to minimize the blast radius of a potential compromise.
  • Agent Identity offers a more secure, immutable, and auditable alternative to broad-purpose service accounts for authenticating individual agent instances.
  • Wiz integrates security directly into the developer workflow, using a ‘Security Graph’ to visualize risks and AI agents (Red and Green) to find and fix vulnerabilities.
  • The ‘Red Agent’ simulates attacks to validate if a vulnerability is truly exploitable, providing context beyond static code analysis.
  • The ‘Green Agent’ can automatically generate and apply prioritized code fixes for identified risks, accelerating the remediation process within the developer’s own tools.
  • By combining agent-native security controls with integrated code-to-cloud scanning and remediation, organizations can build applications faster without sacrificing security.
  • The ‘human in the loop’ remains crucial for approving and sequencing AI-suggested security fixes, balancing automation with control.