Building deterministic security for multi-agent AI workflows | David Gildea (Druva)

David Gildea has learned that traditional security models collapse when AI agents start delegating tasks to 50 or 60 other agents in enterprise workflows. As VP of Product for AI at Druva, he's building deterministic security harnesses that solve the authentication nightmare of multi-agent systems while maintaining the autonomous capabilities that make AI valuable.

David explains why MCP specifications gained faster enterprise adoption than A2A despite having weaker security features, telling Ravin how his team is addressing authentication gaps through integration with existing identity management systems like Okta. He shares Druva's approach to wrapping AI agents in security frameworks that require human approval for high-risk actions while learning from user behavior to reduce approval friction over time.

He also covers Druva's evolution from custom RAG systems to AWS Bedrock Knowledge Bases, demonstrating how to build knowing that components will be replaced by better solutions. 

Topics discussed:

• Multi-agent workflow security challenges with 50+ agent delegation chains
• MCP specification adoption advantages over A2A for enterprise authentication
• Deterministic security harnesses wrapping non-deterministic AI agent behaviors
• Identity management complexity when agents impersonate human users in enterprise systems
• Human-in-the-loop scaling problems and supervisor agent solutions for authorization
• AI-first capability layers replacing traditional API structures for agent interactions
• Hyper-personalization learning from individual user behavior patterns over time
• Objective-based chat interfaces eliminating traditional software navigation complexity
• Building replaceable AI components while maintaining development velocity and learning

Listen to more episodes: 

Apple 

Spotify 

YouTube

Website