The AI Agent Security Summit 2025 brought together a vibrant community of security leaders, consultants, professionals, thought leaders, and vendors to discuss the unique security risks, obstacles, and solutions facing today's enterprises. The Summit was marked by an amazing turnout and engagement from the audience, presentations that centered around attack pathways, practitioner insights, and actionable solutions, and enlightening conversations that left attendees inspired and informed.
Held at The Cinema at NeueHouse Madison Square, the Summit kicked off with opening remarks from Zenity CTO and Co-Founder Michael Bargury that set the tone for the event. In his presentation, Michael showed how well-meaning Agents can be tricked, manipulated, and even jailbroken using promptware, leaving the audience with a parallel to malware: like malware, promptware needs to be managed. This starts with accepting the cold hard facts about Agents: they have no moral compass, no conscience, no empathy, no loyalty, and, critically, no accountability.
Next, Johann Rehberger illuminated TTPs for prompt injection, showing several powerful infections that exfiltrate data from several different popular AI tools. These demonstrated how user privacy and security are at risk, why layered defense-in-depth is needed, and why benchmarks should be used to evaluate agentic systems for security issues. Johann left the audience with the wisdom of ‘assume breach’ for agents, which can (and do) serve as potentially malicious insiders that require appropriate threat modeling.
The first two sessions set the tone for the day, showcasing that a new approach to security is needed.
A large part of the Summit was designed around gathering insights from professionals and leaders to answer the question ‘how are you managing and securing AI Agents today?’
Rick Doten, Walter Haydock, and Nate Lee had a compelling panel discussion that answered that question and more. While each panelist brought their own perspective to the table, there was a common denominator: security teams need to act as business enablers and work alongside the business to embrace AI. While smaller organizations face budget and resource constraints, large organizations have the challenge of scale. Each panelist urged security teams to band together and leverage existing frameworks and compliance guidelines to pick off the low-hanging security fruit.
Béatrice Moissinac, in her Lightning Talk, titled An AI, Software Engineer, and Security Researcher Walk Into a Bar…, discussed in detail just how this can look at successful organizations. She first discussed how diverging objectives between engineers and security teams can result in data silos, risky data practices, uncertainty about risk modeling, and inconsistencies in governance and infrastructure. She then encouraged teams to become familiar with the concepts, models, and tools that span teams so they can build together, plan together, and work securely together.
Another theme that emanated from the panel and was reiterated in Ken Huang’s keynote, Threat Modeling for AI Agents, was the concept of frameworks. It is clear that security professionals need help in understanding and identifying risks specific to AI Agents. Throughout the Summit, a consistent theme emerged: surface-level security controls and approaches simply will not cut it, because of the complex and critical nature of what Agents do and what they need access to in order to be valuable. Ken Huang brought up MAESTRO, a 7-layer threat modeling approach that aims to tackle the unpredictability and autonomy of agentic systems.
To complement the frameworks, Nate Lee pushed the boundaries of What You Really Should Be Worried About with AI and Agentic Systems to encourage security professionals to focus on deeper issues pertaining to AI Agents: indirect prompt injection, AuthZ, data exfiltration, automatic tool usage, and how to create safe boundaries for AI writing code. Allie Howe brought this to life when she demonstrated a custom-built, multi-agent system that was vulnerable to prompt injection, excessive agency, and other vulnerabilities (all of which are mapped in the OWASP and MITRE frameworks for agentic systems). In another interesting Lightning Talk, Vivek Vinod Sharma detailed what makes RAG systems unique and what makes them vulnerable; namely, vulnerable components and hidden threats.
What these talks showed is that there is no shortage of types of agentic systems, each of them requiring their own distinct types of planning, controls, and use cases.
The best part of the Summit, to us, was that attendees and speakers got the chance to share ideas, give feedback, and learn from one another. The power of coming together as a community highlighted the timeliness of this Summit. The entire purpose of this event was to get out of the generic marketing and vendor-specific language that we hear so often and really provide people with opportunities to engage in hands-on learning and collaborative discussions. Networking sessions allowed participants to connect, share ideas, and forge new partnerships, and opened everyone up to the idea that truly securing AI Agents will take all of us.
The AI Agent Security Summit 2025 was a resounding success, bringing together a diverse group of experts to tackle the pressing security challenges of AI agents. The event highlighted the power of community and collaboration in driving forward the secure adoption of AI technologies. As enterprises continue to embrace AI agents, the insights and strategies shared at the summit will undoubtedly play a crucial role in shaping a secure future. Be sure to stay tuned for more great content from Zenity Labs!