Securing the Future: How AI Gateways Protect AI Agent Systems in the Era of Generative AI

The Future: From Rules Engines to Instruction-Following AI Agent Systems

In sectors such as banking and insurance, rules engines have long played a critical role in decision-making. Whether determining eligibility for opening a bank account or approving an insurance claim, these engines apply predefined rules to process data and make automated decisions. When these systems fail, human subject matter experts (SMEs) step in to handle exceptions.

However, the emergence of instruction-following GenAI models is set to change the game. Instead of relying on static rules engines, these models can be trained on specific rule datasets to make complex decisions dynamically. For example, an instruction-following model can assess a customer’s financial history in real time to approve or deny a loan application. No hard-coded rules are necessary—just well-trained models making decisions based on data.

While this shift brings greater flexibility and efficiency, it raises an important question: How do we secure these AI agent systems that replace traditional rules engines?

The Security Challenge: API Gateways and Beyond

Traditionally, business processes—such as rules engines—were encapsulated in APIs, which were then consumed by front-end applications. To protect these APIs, organizations implemented API gateways, which enforce security policies across different layers of the OSI model:

• Network Layer (Layer 3): Block or allow specific IP addresses to control access or prevent Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
• Transport Layer (Layer 4): Ensure secure communication through mutual TLS certificate exchange.
• Application Layer (Layer 7): Implement authentication (OAuth), message validation (JSON threat protection), and guard against threats like SQL injection attacks, etc.

These API policies ensure that only authorized requests can interact with the underlying business processes, making APIs a secure way to manage critical operations.

However, securing these serving endpoints becomes more complex with the rise of AI agent systems—where multiple AI models work together to handle complex tasks. Traditional API policies focus on protecting the infrastructure and communication layers but are not equipped to validate the instructions these AI agent systems receive. In an AI agent system bad actors can abuse prompt inputs and exploit prompt outcomes if not adequately protected. This can lead to poor customer interactions, unwanted actions, and IP loss. 

Imagine a scenario where a banking AI agent system is tasked with determining a customer's eligibility for a loan. If malicious actors gain control over the serving endpoint, they could manipulate the system to approve fraudulent loans or deny legitimate applications. Standard API security measures like schema validation and JSON protection are insufficient in this context.

The Solution: AI Gateways for Instruction Validation

Organizations need to go beyond traditional API policies to secure AI agent systems. The key lies in building AI gateways that protect the API layers and evaluate the instructions sent to the AI agent system.

Unlike traditional APIs, where the message is typically validated through schema checks, AI agent systems process instructions written in natural language or other text forms. These instructions require deeper validation to ensure they are both valid and non-malicious.

This is where large language models (LLMs) come into play. Open-source LLM models such as Databricks DBRX and Meta Llama act as "judges" to analyze the instructions received by AI agent systems. By fine-tuning these models on cyber threats and malicious patterns, organizations can create AI gateways that validate the intent and legitimacy of the instructions sent to the AI agent system.

How Databricks Mosaic AI Secures AI Agent Systems

Databricks provides an advanced platform for securing AI agent systems through its Mosaic AI Gateway. By fine-tuning LLMs on cyber threats and safety risks and training them to recognize and flag harmful instructions, AI Gateway can offer a new layer of security beyond traditional API policies.

Here’s how it works:

1. Pre-processing instructions: Before an instruction is passed to the AI agent system, the Mosaic AI Gateway checks it against predefined security rules.
2. LLM analysis: The instruction is then analyzed by a fine-tuned LLM, which evaluates the intent and determines whether it aligns with the AI agent system’s goals.
3. Blocking malicious instructions: If the instruction is deemed harmful or suspect, the fine-tuned LLM prevents it from reaching the AI agent system, ensuring that the AI does not execute malicious actions.

This approach provides an extra layer of defense for AI agent systems, making them much harder for bad actors to exploit. By using AI to secure AI, organizations can stay one step ahead of potential threats while ensuring that their AI-driven business processes remain reliable and secure.

Conclusion: Securing the Future of AI-Driven Business Processes

As generative AI continues to evolve, businesses will increasingly rely on AI agent systems to handle complex decision-making processes. However, with this shift comes the need for a new approach to security—one that goes beyond traditional API policies and protects the very instructions that drive AI agent systems.

By implementing AI gateways powered by large language models, like those offered by Databricks, organizations can ensure that their AI agent systems remain secure, even as they take on more sophisticated roles in business operations.

The future of AI is bright, but it must also be secure. With tools like Mosaic AI, businesses can confidently embrace the power of AI agent systems while protecting themselves against emerging threats