Securing agents
Year: 2026
Ankur Kotwal (Developer Advocate) · Yinon Costica (Co-Founder & VP of Product)
Segments (2)
- 00:05:00 · Securing Agents with Agent Platform — Ankur Kotwal
- The speaker demonstrates how to use Google Cloud’s Agent Platform, including Agent Gateway, Agent Identity, and IAM policies, to enforce fine-grained security and access control on AI agents.
- 03:59:00 · Securing Code with Wiz — Yinon Costica
- The speaker showcases how Wiz integrates with developer tools to scan code, identify exploitable risks using a ‘Red Agent’, and suggest code fixes using a ‘Green Agent’ to remediate vulnerabilities before deployment.
Products Announced (3)
- 00:28:835 · Google Cloud Agent Platform (Demonstrated) - Agent Gateway for proxying and policy enforcement · Agent Identity for unique, immutable credentials · IAM Policies for granular, role-based access control
- 05:09:415 · Wiz Red Agent (Demonstrated) - Acts as a friendly AI pentester · Exploits issues from the outside to validate risks · Identifies and validates attack paths in the Security Graph
- 05:17:105 · Wiz Green Agent (Demonstrated) - Acts as a ‘fixer’ for identified vulnerabilities · Suggests root-cause remediations · Integrates with developer workflows and coding agents
Demos (2)
- 00:47:00 ✓ · Agent Platform Policy Enforcement — Ankur Kotwal
- The demo showed how to create an IAM policy in the Google Cloud console to restrict a ‘planner’ agent to read-only access on a financial data source, successfully blocking a request to change the budget.
- 05:31:00 ✓ · Wiz Code-to-Cloud Remediation — Yinon Costica
- The demo displayed the Wiz Security Graph identifying a critical attack path, then used the Wiz Green Agent within a code editor to automatically generate and apply code fixes for the vulnerability, which were then committed after a successful pre-commit scan.
Notable Quotes (4)
- 02:14:645 — Ankur Kotwal:
What happens in the planner needs to stay in the planner.
- 03:39:155 — Ankur Kotwal:
Our zero trust architecture comes with a zero budget policy for impromptu spending.
- 06:24:995 — Yinon Costica:
The Red Agent is the best AI attacker probing your environment, and it goes far beyond code analysis to focus on real risk to your deployed apps and APIs.
- 09:21:555 — Ankur Kotwal:
We no longer have to choose between developer velocity and security.
Visual Signals
On-screen (11)
- 00:08:315 · Title slide: Securing agents - Introduces the topic of the presentation segment.
- 00:29:155 · Diagram: 'Securing agents' architecture with Agent Registry, Runtimes, and Gateway - Visually explains the components of the Agent Platform.
- 00:50:885 · Google Cloud Console UI: 'Agent Platform / Gateways' - Shows the management interface for agent gateways.
- 01:04:775 · Title slide: Agent Registry, Agent Identity - Highlights the concepts of agent registration and unique identities.
- 02:35:985 · Title slide: Agent policies - Introduces the policy creation part of the demo.
- 03:34:455 · Agent response: 'Access Restricted' - Confirms that the security policy created in the demo was successful.
- 04:34:255 · Wiz logo - Introduces the partner company for the second half of the demo.
- 05:33:915 · Wiz Security Graph UI - Shows the visual representation of cloud assets, agents, and their relationships, including a highlighted attack path.
- 06:56:885 · Wiz AI Security Report inside a code editor - Demonstrates the integration of security findings directly into the developer’s workflow.
- 07:37:655 · Title slide: Wiz Green Agent - Introduces the remediation agent from Wiz.
- 08:40:455 · Terminal output: 'Wiz Security Scan (pre-commit): Passed. No issues found.' - Shows the final verification step, confirming the fixes were effective before the code is merged.
Stage (3)
- 00:04:505 · Ankur Kotwal walks on stage to a podium with two monitors.
- 04:15:875 · Yinon Costica walks on stage and shakes hands with Ankur Kotwal before they both stand at the podium.
- 08:52:955 · The audience applauds after the successful demo.
Visual demos (2)
- 00:47:00 · Google Cloud Console
- The user navigates through the ‘Agent Platform’ UI, showing the ‘Gateways’, ‘Registry’, and ‘Policies’ sections. A new policy is created using dropdowns and text fields to restrict the ‘planner’ agent to read-only access.
- 05:31:00 · Wiz Security Platform and Code Editor
- A ‘Security Graph’ shows a visual map of an attack path. The view then switches to a code editor with an integrated ‘Wiz AI Security Report’ panel. Code diffs are shown as fixes are applied automatically, and finally, terminal output shows a successful pre-commit scan.
Key Topics
AI Agents · Cloud Security · Agent Security · Zero Trust Architecture · DevSecOps · Identity and Access Management (IAM) · Policy Enforcement · Vulnerability Scanning · Code Remediation · Google Cloud Agent Platform · Wiz Security · Prompt Injection · Attack Path Analysis · Role-Based Access Control (RBAC)
Takeaways
- Google Cloud’s Agent Platform provides fine-grained governance for AI agents through components like Agent Gateway, unique Agent Identities, and IAM policies.
- Securing agents involves restricting their capabilities, such as preventing open internet access or enforcing read-only permissions on sensitive data sources, to minimize the blast radius of a potential compromise.
- Agent Identity offers a more secure, immutable, and auditable alternative to broad-purpose service accounts for authenticating individual agent instances.
- Wiz integrates security directly into the developer workflow, using a ‘Security Graph’ to visualize risks and AI agents (Red and Green) to find and fix vulnerabilities.
- The ‘Red Agent’ simulates attacks to validate if a vulnerability is truly exploitable, providing context beyond static code analysis.
- The ‘Green Agent’ can automatically generate and apply prioritized code fixes for identified risks, accelerating the remediation process within the developer’s own tools.
- By combining agent-native security controls with integrated code-to-cloud scanning and remediation, organizations can build applications faster without sacrificing security.
- The ‘human in the loop’ remains crucial for approving and sequencing AI-suggested security fixes, balancing automation with control.