Schneier on Security: Privacy for Agentic AI

Source URL: https://www.schneier.com/blog/archives/2025/05/privacy-for-agentic-ai.html
Source: Schneier on Security
Title: Privacy for Agentic AI

Feedly Summary: Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while it’s still a nascent idea.
In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol for distributed data ownership. We are working on a digital wallet that can make use of AI in this way. (We used to call it an “active wallet.” Now we’re calling it an “agentic wallet.”)
I talked about this a bit at the RSA Conference…

**Summary:** The text discusses the emerging concept of AI systems operating as agents on behalf of users, emphasizing the security implications of this technology. It highlights the development of an “agentic wallet” by Inrupt, which aims to leverage AI for personal data management while ensuring decentralization and user consent. The partnership with Visa further illustrates a move towards trust in AI applications and the necessity for robust security measures.

**Detailed Description:**
The text looks ahead to AI systems acting as autonomous agents and to the implications for security, privacy, and trust. Key elements include:

- **Introduction of AI Agents:**
  - AI systems are expected to evolve into agents that perform tasks on behalf of users, necessitating discussions about their security.

- **Inrupt’s Contributions:**
  - The company is developing an “agentic wallet,” which merges AI technologies with personal data management and is designed to enhance user autonomy and decision-making.
  - This wallet will engage with personal data, transactional records, and external informational context to provide insights and act on behalf of the user, showcasing the need for trust in these systems.

- **Trust and Security Requirements:**
  - The text compares the trust these agents require to the reliance users already place on existing technologies such as email and social media, and so emphasizes building systems that prioritize integrity and security from the outset.

- **Collaboration with Visa:**
  - Visa is exploring the potential of AI in decision-making for purchases and has established a cooperative framework with Inrupt, which reinforces the decentralized control of personal data.
  - Their approach advocates for open standards that prevent monopolization, allowing for flexibility across different AI models.

- **Decentralization of Data:**
  - The text emphasizes the need for decentralized data handling in AI applications, likening personal data stores to wallets. This decentralization is important for privacy and user consent as AI advances.

- **Practical Implications:**
  - The collaboration and ongoing development highlight critical security and privacy considerations as AI becomes more autonomous.
  - The project’s open nature promotes collaboration within the ecosystem, allowing various stakeholders to engage with AI safely and securely.

This analysis indicates a shift towards frameworks that empower users, linking advancements in AI with essential considerations for privacy, security mechanisms, and compliance with data governance standards.