GenAI & Beyond | Lunch Talk | 40 min
Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue
This talk addresses securing AI agents against unauthorized actions and data leaks, focusing on OAuth2, OpenFGA, and fine-grained authorization. Attendees will learn strategies such as RBAC, credential-free API calls, securing RAG workflows, and using asynchronous audits to prevent AI misuse and enforce robust security controls.
Deepu Sasidharan, Okta
Thursday, October 9, 12:55-13:35
Room 7
While we make every effort to delay our future robot overlords, the presenter accepts no liability for AI rebellions, unauthorized tool executions, or RAG-induced hallucinations. All auth patterns discussed assume your implementation doesn't contain 'allow-all' policies (we've all been there). OAuth2 and OpenFGA configurations may vary by environment. Please secure your agents responsibly - the machines are watching.
What happens when your AI agents bypass controls, abuse tool permissions, or hallucinate sensitive data from RAG pipelines? The path to an “AI Overlord” starts with one unguarded API call.
In this talk, you’ll learn how to weaponize OAuth2, OpenFGA, and battle-tested authorization strategies to keep AI agents in check. We’ll cover:
✅ Role-Based Shackles: Enforce least privilege for AI toolchains using RBAC and Fine-Grained Authorization (FGA).
✅ Credential-Free Tool Calls: Fortify API integrations with OAuth2 token exchange, letting agents act on behalf of users without ever touching raw credentials.
✅ RAG Jailbreaking Fixes: Embed FGA directly into retrieval workflows to prevent agents from leaking confidential data.
✅ Human Guardrails: Leverage asynchronous authorization workflows to audit high-stakes actions.
Forget sci-fi doomsday scenarios—we’re tackling today’s threats. Walk away with knowledge to armor your AI agents against rogue behavior and security nightmares.
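The "FGA inside the retrieval workflow" pattern from the bullets above, as an added example that is not from the talk or from the OpenFGA project: a small in-memory stand-in for an OpenFGA store (the relationship tuples, the `viewer`/`owner` model and the retrieved chunks are constructed sample data) filters vector-store hits down to the documents the requesting user may view before they are placed in the model's context. The `check` function and the `unsafe_context`/`authorized_context` names are assumptions for illustration.

```python
# Constructed tuples in OpenFGA's "object#relation@user" shape; "team:finance#member"
# is a userset, meaning every member of that team holds the relation.
TUPLES = {
    ("document:q3-forecast", "owner", "user:alice"),
    ("document:q3-forecast", "viewer", "team:finance#member"),
    ("document:handbook", "viewer", "org:acme#member"),
    ("document:payroll", "viewer", "user:bob"),
    ("team:finance", "member", "user:carol"),
    ("org:acme", "member", "user:alice"),
    ("org:acme", "member", "user:bob"),
    ("org:acme", "member", "user:carol"),
}

# Constructed model: a document's viewer is a direct viewer or its owner
# (the same idea as "define viewer: [user, team#member, org#member] or owner").
IMPLIED = {"viewer": ["owner"]}

def check(obj, relation, user, depth=0):
    """True if `user` holds `relation` on `obj`, expanding usersets and implied relations."""
    if depth > 10:  # bound recursion in case the constructed tuples ever form a cycle
        return False
    for (o, r, u) in TUPLES:
        if o != obj or r != relation:
            continue
        if u == user:
            return True
        if "#" in u:  # userset: ask whether `user` holds the group's relation
            group_obj, group_rel = u.split("#", 1)
            if check(group_obj, group_rel, user, depth + 1):
                return True
    return any(check(obj, parent, user, depth + 1) for parent in IMPLIED.get(relation, []))

# Constructed retriever output: (chunk text, source document id), as a vector store
# would return for a query about "Q3 numbers and company policy".
RETRIEVED = [
    ("Q3 revenue forecast is +12%", "document:q3-forecast"),
    ("PTO policy: 25 days per year", "document:handbook"),
    ("Bob: salary band 4", "document:payroll"),
]

def unsafe_context(hits):
    # 'Before': every hit goes to the LLM regardless of who is asking, so the agent
    # can surface a confidential chunk to a user who was never allowed to read it.
    return [text for text, _ in hits]

def authorized_context(user, hits):
    # 'After': one FGA check per source document; only chunks the asking user may
    # view ever enter the prompt, so there is nothing confidential left to leak.
    return [text for text, doc in hits if check(doc, "viewer", user)]
```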
Deepu Sasidharan
Deepu K Sasidharan is a Software Engineer by passion and profession. He is a Java Champion working as a Staff Developer Advocate at Okta. He is the co-chair of JHipster and the creator of KDash and JDL Studio. He is a polyglot programmer working with Java, Rust, JavaScript, Go, and so on. He is also a cloud technology advocate and an open-source software aficionado. He has authored books on Full-stack development and frequently writes about Java, Rust, JavaScript, Go, DevOps, Kubernetes, Linux, and so on, on his blog.
