Skip to content

Securing an Autonomous Agent Pipeline in Government

Security review of a multi-agent automation pipeline handling citizen-service workflows.

GovernmentBlast radius reduced through least-privilege agent design

Client profile

A government agency piloting a multi-agent pipeline to triage and action citizen-service requests across several internal systems.

The challenge

Autonomous agents were coordinating through an MCP-integrated toolchain with access to multiple back-end systems. The agency needed to understand how the agents could be manipulated and how far an attacker could pivot if one agent were compromised.

What we did

  • Charted every agent, tool, and MCP server, and the trust between them.
  • Executed agentic workflow injection against multi-step decision points.
  • Reviewed MCP server exposure and the data each tool could reach.
  • Modelled blast radius for a compromised agent.

What we found

  • An injected instruction in one agent's input could redirect a downstream agent's actions.
  • Several tools were exposed to agents that never needed them.
  • Human-oversight checkpoints were missing on higher-impact actions.

The outcome

The agency adopted least-privilege agent and tool design, added oversight checkpoints on high-impact actions, and established guardrails for safe autonomy. Re-testing confirmed the blast radius was materially reduced.

Independent, ANZ-native, and genuinely fluent in both AI and regulation. The roadmap was something our board could act on.
Chief Information Security Officer, Government

Book a Free 60-Minute Briefing

A scoping discussion and threat-landscape overview with our ANZ specialists. No sales pressure.

Book a Briefing