Architecting Trust: Layered Context and Security for Production AI Agents

This talk will dissect the architectural and machine learning engineering challenges of building trustworthy, multi-actor AI Agents that operate on sensitive user data. We will use Asana’s "AI Teammates" and "Smart Chat" as a case study to demonstrate how we manage to simultaneously expand the operational context of our agents while rigidly enforcing data access controls.

Central Thesis: The system’s core design principle is that the AI Agent never operates with elevated permissions, a guarantee achieved by structurally limiting its visibility to the intersection of the triggering user's access and the agent's own memberships.

Key Themes for ML Engineers:

• Advanced RAG and State Management: We will detail the agent's context assembly process, which moves beyond simple RAG to include dynamic, self-accumulated "Memories", the triggering event's full object context (serialized as XML), and previous execution summaries for continuity.
• Defense-in-Depth Access Control: We will explore a critical, three-layered defense model for data security in a high-throughput search environment:
  - The Search Actor Model: Assigning distinct, permission-limited actors (DomainUser vs. AiTeammateExecution) to different AI types.
  - Query-Time Filtering: Injecting the accessFilter directly into OpenSearch queries to eliminate inaccessible objects at the index level.
  - Post-Query Re-Validation: A database-level re-check on all result IDs—the ultimate defense-in-depth guarantee against index staleness or misconfiguration, ensuring no unauthorized object IDs ever reach the LLM.

Attendees will leave with concrete, battle-tested patterns for building secure, context-aware AI applications that satisfy the highest bar for enterprise data governance.

Know what’s Happening Next — before everyone else does.

Get App

Host or Publisher Asana