makeyourAI.work the machine teaches the human

Week 4: RAG, Context, and Agentic Systems

Agentic Flows, RBAC, and Poisoning Risks

Agent systems inherit every application security problem plus new orchestration ones.

Level: advanced. Duration: 70 minutes. Gate: Retrieval and Agent Gate.

Objective

Describe tool-using agent flows, where RBAC applies, and how retrieval or tool inputs can poison outcomes.

The lesson is public. The pressure loop lives inside the app where submissions, revision, and review happen.

Deliverable

A retrieval architecture brief and an agent threat model.

Each lesson contributes to a week-level artifact and eventually to the shipped AI-native SaaS.

Lesson Preview

What This Is

This lesson studies agentic systems as orchestrated workflows with memory, tools, and state transitions, not as magic “autonomous” entities.

Why This Matters in Production

Agents multiply failure surfaces: prompt injection, over-broad tool access, bad intermediate state, poisoned retrieval, and unclear authority boundaries.

Mental Model

An agent is a policy-constrained state machine wrapped around a model. The model reasons; the surrounding system must decide what actions are permitted and what evidence is trusted.

Deep Dive

Once a model can choose tools, your problem stops being text generation and becomes workflow governance. Which tools can be called? With what arguments? Against which user context? What happens when retrieved context is hostile or stale? If you cannot answer those questions precisely, you do not have an agent architecture. You have a liability with a loop.

Worked Example

An internal research agent can search docs, draft a summary, and create a task. If it can also read unrestricted HR records because the retrieval layer ignored RBAC, you have turned orchestration convenience into a breach path.

Common Failure Modes

Common failures include over-scoped tool credentials, agent memory that mixes users, and no validation between model reasoning and tool execution.
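The deep dive, the worked example, and the failure-mode list above all come down to the same control: a gate that sits between the model's proposed tool call and its execution, answering "which tool, with what arguments, as which user, over which evidence" before anything runs. The following is an added example written for this page, not code from makeyourAI.work or from any of the referenced projects. It models the research agent from the worked example (search docs, draft a summary, create a task) as a policy-constrained loop. The tool names, roles, document ACLs, and corpus are all constructed for illustration; the retrieval function filters by the calling user's groups, so a researcher who asks for HR records simply gets nothing back, and a summary request naming a document the gate never returned is refused rather than executed.

```python
"""Policy gate between an agent's proposed tool call and its execution.

Added example (not code from makeyourAI.work). Every tool name, role, group,
document and query below is constructed for illustration only.
"""
from dataclasses import dataclass, field

# Constructed corpus: each document carries the groups allowed to read it.
DOCS = [
    {"id": "eng-onboarding", "groups": {"engineering", "all-staff"},
     "text": "Onboarding checklist for engineers"},
    {"id": "hr-salary-2024", "groups": {"hr"},
     "text": "Salary bands for 2024"},
    {"id": "research-notes", "groups": {"engineering"},
     "text": "Notes on retrieval evaluation"},
]

# Constructed policy: which roles may call which tool, and the exact
# argument names and types each tool accepts. Anything else is rejected.
TOOL_POLICY = {
    "search_docs":   {"roles": {"researcher", "hr"}, "args": {"query": str}},
    "draft_summary": {"roles": {"researcher", "hr"}, "args": {"doc_ids": list}},
    "create_task":   {"roles": {"researcher"},       "args": {"title": str}},
}


@dataclass
class Principal:
    user_id: str
    role: str
    groups: set


@dataclass
class AgentState:
    principal: Principal
    memory: dict = field(default_factory=dict)   # keyed by user_id, never shared
    audit: list = field(default_factory=list)    # every attempt, allowed or not


class PolicyViolation(Exception):
    pass


def search_docs(principal, query):
    """Retrieval enforces the caller's groups, not the agent's credentials."""
    q = query.lower()
    return [d["id"] for d in DOCS
            if principal.groups & d["groups"] and q in d["text"].lower()]


def validate_args(tool, args):
    """Reject extra, missing, or mistyped arguments before execution."""
    spec = TOOL_POLICY[tool]["args"]
    if set(args) != set(spec):
        raise PolicyViolation(
            f"{tool}: unexpected or missing arguments {sorted(set(args) ^ set(spec))}")
    for name, typ in spec.items():
        if not isinstance(args[name], typ):
            raise PolicyViolation(f"{tool}: argument {name} must be {typ.__name__}")


def execute(state, tool, args):
    """The only path from model output to a tool. Checks run in order:
    known tool, role allowed, arguments valid, then data-level access."""
    if tool not in TOOL_POLICY:
        raise PolicyViolation(f"unknown tool {tool!r}")
    if state.principal.role not in TOOL_POLICY[tool]["roles"]:
        raise PolicyViolation(f"role {state.principal.role!r} may not call {tool}")
    validate_args(tool, args)
    if tool == "search_docs":
        result = search_docs(state.principal, args["query"])
    elif tool == "draft_summary":
        # Only summarise documents the retrieval gate would hand this user.
        allowed = set(search_docs(state.principal, ""))
        bad = [d for d in args["doc_ids"] if d not in allowed]
        if bad:
            raise PolicyViolation(f"doc_ids outside caller's access: {bad}")
        result = "summary of " + ", ".join(args["doc_ids"])
    else:  # create_task
        result = {"task": args["title"], "owner": state.principal.user_id}
    # Intermediate state is stored per user so two sessions never bleed together.
    state.memory.setdefault(state.principal.user_id, []).append((tool, result))
    return result


def run_research_agent(principal, proposed_calls):
    """Drive the loop over model-proposed (tool, args) steps. A denied step is
    recorded and skipped; the loop continues so the caller sees every attempt."""
    state = AgentState(principal=principal)
    outcomes = []
    for tool, args in proposed_calls:
        try:
            result = execute(state, tool, args)
            outcomes.append(("ok", tool, result))
        except PolicyViolation as err:
            outcomes.append(("denied", tool, str(err)))
        state.audit.append((principal.user_id, tool, dict(args), outcomes[-1][0]))
    return state, outcomes
```

Feeding `run_research_agent` a constructed list of proposed steps, including an unknown tool, an over-specified argument set, and a summary request for an HR document the researcher cannot retrieve, yields an outcomes list in which each of those is marked `denied` with the reason, while the permitted searches and task creation run normally; the audit list records all attempts either way, which is the evidence a reviewer needs when asking what the model tried to do.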

References

Further reading the machine expects you to use properly.

LangGraph Overview (official doc): use this for the state-machine framing.

OWASP Agent Risks (official doc): useful for attack-surface awareness.

Cloudflare Agents and Tools (official doc): bridges agent and tool-boundary thinking into platform concerns.