in security management and engineering. Joined Mercari in 2022 and currently leads the Security & Privacy Planning Team, while also being involved in AI Security and AI Governance.
Danny Hazaki, Manager of Security & Privacy Planning

Simon Giroux, Engineer for Security & Privacy
Joined Mercari in 2018 as the 4th member of its security team, and now focuses on Threat Detection & Response using AI and security as code. Previously worked in Canada as a penetration tester, forensic investigator, auditor, and SOC analyst.
until now…
• Humans were operating apps
• The interface is the keyboard + mouse + screen
• Cross-app context is handled by the human
• Some automation tools are used

From now on…
• LLMs that can read text and images
• Availability of MCPs, Computer Use, scaffoldings + API
to help her with her work
• Alice leaves the company, but the agent is still running
• The agent uses credentials of a service account
• The agent pushes data into spreadsheets that are no longer being monitored
• The agent misclassifies data, shares too broadly
→ No one notices until it’s too late
Actors in the diagram: User, AI Agent (or workflow, etc.), Authorisation Server
① Access agent
② Request auth
③ Request login
④ Login with own account
⑤ Return auth token
⑥ Attempt access using auth token
User → ACCESS DENIED
As the user doesn’t have sufficient permissions to access the data or system in question
Actors in the diagram: User, AI Agent (or workflow, etc.), Authorisation Server, SYSTEM
① Access agent
② Request auth
③ Request login
④ Login with own account
⑤ Return auth token
⑥ Attempt access using auth token
User → ACCESS GRANTED
As the user does have sufficient permissions to access the data or system in question
if the user has permission, if the agent doesn’t need to do it or access it, it shouldn’t be able to.
Short-lived tokens
Reduce the window of opportunity for exploit.
Frequent access audits
Not just for users, but for access by agents / workflows.
→ Also, permissions to use agents / workflows.
→ Also, permissions to edit agents / workflows.
With fewer tools to monitor, gaining visibility is easier
Gain visibility
Extract the list of workflow configs and system logs
Monitor for usage spikes
• Automation offers reliability and repeatability
• Monitor for significant increases in resource access, failure rates, and resource usage by new workflows
explain workflows
Keep track of new automations; have LLMs help explain what they are for
Track ownership
Cooperate with HR to be notified. If someone moves internally or is leaving, reach out to ensure ownership will be transferred.
Maintain automations
If the usage of an automation drops to zero, or if the error rate increases, ask the owners to take a look.
Decommissioning / retirement
If an automation isn’t necessary, ask to have it decommissioned.
actions
Require manual human review and/or confirmation
Alerting and fallbacks
If an AI agent or workflow does something stupid, ensure you will notice it and can roll back quickly
Input validation and guard statements
Make it harder for someone to cause your agent to do something bad (on purpose or by accident)
Circuit-breaker
Be ready to act quickly if the agent misbehaves
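The controls from the least-privilege slide (the agent gets only the intersection of the user's permissions and what it declared it needs, short-lived tokens, an audit trail) and from this guardrails slide (human confirmation for sensitive actions, a circuit breaker after repeated failures) can be combined in one wrapper around an agent's tool calls. This is an added example in Python, not Mercari's code; the Token, AgentPolicy and Guard names, the scope strings and the confirm callback are assumptions.

```python
# Added example (hypothetical names, not Mercari's code): guardrail wrapper around agent tool calls.
from dataclasses import dataclass, field
import time

class Denied(Exception): pass          # blocked by policy or by the human reviewer
class AgentDisabled(Exception): pass   # circuit breaker is open

@dataclass
class Token:            # short-lived token delegated from the human user
    user: str
    scopes: frozenset   # what the user is allowed to do
    expires_at: float
@dataclass
class AgentPolicy:
    needed_scopes: frozenset    # what the agent declares it needs
    review_required: frozenset  # actions that need human confirmation
    max_failures: int = 3       # consecutive failures before the breaker trips
@dataclass
class Guard:
    policy: AgentPolicy
    confirm: object             # callback(user, action, args) -> bool
    failures: int = 0
    tripped: bool = False
    audit: list = field(default_factory=list)  # feed this into access audits
    def allowed_scopes(self, token, now=None):
        now = time.time() if now is None else now
        if now >= token.expires_at:
            raise Denied("token expired")
        # Least privilege: even if the user may do it, the agent only gets what it declared it needs
        return token.scopes & self.policy.needed_scopes
    def run(self, token, action, scope, fn, *args, now=None):
        if self.tripped:
            raise AgentDisabled("circuit breaker open; needs a human reset")
        if scope not in self.allowed_scopes(token, now):
            self.audit.append((token.user, action, "denied"))
            raise Denied(f"{action} requires scope {scope}")
        if action in self.policy.review_required and not self.confirm(token.user, action, args):
            self.audit.append((token.user, action, "rejected"))
            raise Denied(f"{action} rejected by human reviewer")
        try:
            result = fn(*args)
        except Exception:
            self.failures += 1
            self.audit.append((token.user, action, "failed"))
            if self.failures >= self.policy.max_failures:
                self.tripped = True   # stop the agent until someone looks at it
            raise
        self.failures = 0
        self.audit.append((token.user, action, "ok"))
        return result
```

The audit list is the hook for the "frequent access audits" point: it records who delegated the token, which action ran, and whether policy, the reviewer, or the tool itself stopped it.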
Make it easy: provide template and design pattern examples
• Maintain review workflows; share reports with the users
• If a workflow is taking actions (if/then/else), include a human validation check
• Share process success/failure statistics
(inventory, owner mapping)
• Introduce a lightweight review process for new automations
• Start building templates or scaffolds with secure defaults
• Pilot one ‘critical but low-risk’ agent with full guardrails
• Set a review cadence (quarterly) for automated processes