Agent security is not “prompt hygiene”. Tool-using systems introduce new classes of vulnerabilities: goal hijacking, tool misuse, memory poisoning, and cascading failures.
This section focuses on architectural defenses (least agency, isolation, context minimization) rather than relying on model alignment alone.