United in Defense: Architecting Safe and Trustworthy AI Agents
Rabimba Karanjai
BSides Seattle 2026 · Day 2 · Track 1
Rabimba, a Google Developer Expert and scientist at PayPal, presents a comprehensive security framework for AI agent systems, covering the full lifecycle from training data provenance through model serving to multi-agent output validation. Unlike many AI security talks that focus narrowly on prompt injection, Rabimba maps the broader threat surface, including data poisoning, model source tampering, backdoored neural networks, pickle deserialization attacks, bearer token exposure, sensitive data inference, and the cascading failure modes of multi-agent architectures.
AI review
A broad survey of AI agent security covering data poisoning, model supply chain attacks, pickle deserialization, multi-agent cascading failures, and differential privacy. The pickle deserialization demo is well-executed, and the real-world finding about code-only models leaking sensitive data through chained execution is genuinely interesting. However, the talk covers too much ground at insufficient depth -- each topic could be its own presentation, and the result is a landscape overview rather than deep technical research.