Identity and Access Management for Agents // TRAIN BRAIN

Identity and Access Management for Agents

Learn how to securely build AI agents that interact with user-specific data in a database. This video outlines a high-level, layered approach to securing agents, starting with Identity and Access Management (IAM) for controlling agent access. We then explore the critical intermediary pattern for isolating agents from managing credentials and direct data access, using secure Tools. Finally, discover how Model Armor and Sensitive Data Protection (SDP) add a final layer of defense by inspecting and redacting sensitive information in conversational data.
Chapters:
0:00 - Introduction: Secure Agents and User Data
0:19 - Controlling Agent Management and Interaction with IAM
1:13 - Isolating Agent Credentials: The Intermediary Pattern
1:35 - How Agent Tools Access User-Specific Data Securely
2:54 - Handling Third-Party API Keys without Agent Exposure
3:11 - Protecting Conversational Data: Model Armor and SDP
3:27 - The Three Layers of Agent Security
Resources:
Previous videos
- Secure AI: De-identifying data with SDP → http://goo.gle/4htbmcf
- Secure ADK agents with Secret Manager → http://goo.gle/4oEnFF3
- Agent Sessions and Tool Authentication → http://goo.gle/4oErjid
Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech
#GoogleCloud #IAM #SDP #AIAgent
Speakers: Aron Eidelman
Products Mentioned: Google Cloud Security

Google Cloud Tech

Helping you build what's next with secure infrastructure, developer tools, APIs, data analytics and machine learning....

Connecting ADK Agents to MCP Servers

Use the Gemini CLI Jules and Observability extensions together

Introduction to Vertex AI Agent Engine

Power your AI agents with MCP tools on Google Cloud Run

Use the Gemini CLI Jules and security extensions to fix security vulnerabilities in the background

Use the Jules extension for Gemini CLI to fix multiple GitHub issues

Dataplex fundamentals: Aspects & glossaries

We tried to jailbreak our AI (and Model Armor stopped it)

Parallel bug fixing & unit testing with Jules and Observability extensions for Gemini CLI

How to fix security vulnerabilities with the Jules and security extensions for Gemini CLI

How to fix multiple GitHub issues at once using the Jules extension for Gemini CLI

The path to AI inferencing on GKE Part 1: Guided model research

Vibe coding with Google AI Studio | The Agent Factory

Is it possible to create a model agnostic prompt?

Building agentic RAG for e-commerce with ADK and Vector Search

Demo: Vibe coding a command line Markdown viewer with the Gemini CLI

Don't guess: How to benchmark your AI prompts

Identity and Access Management for Agents

ComfyUI on GKE for Genmedia solutions

Meet Cloud SQL: Google Cloud's fully managed and intelligent relational database service

Autoscaling Your AI Agent Under Load

Common Looker CI errors (and how to tackle them)

Multi-agent vs. single-agent: Which should you use?

Spanner: The always-on, virtually unlimited scale database

Building an AI tutor that ACTUALLY remembers you

Agent Sessions and Tool Authentication

How to build a multi-agent app with ADK and Gemini

The Agent Factory - Episode 11: AI agents for data engineering and data science

How AI agents can remember you forever

Connecting Your AI Agent to a Cloud-Hosted LLM

My AI agent crashed and how to save its memory

Gemini vs. the clock: 5 hours to build a FinTech agent

This month in GKE: September edition

Giving your AI agent a "scratchpad" memory

Secure ADK elements with Secret Manager

Validate your Looker workflow from data to dashboard

AI Agent Dance Off: Comparing Design Approaches

The Agent Factory - Episode 10: Agent Security

Why do AI agents forget everything?

Workflow agents and communication in ADK

Build serverless applications in the Cloud Run hackathon

Common Cloud Run errors and how to fix them with Cloud Logging

Deploying A GPU-Powered LLM on Cloud Run

Build an AI app that watches videos using Gemini

Large scale data ingestion for MongoDB using Application Integration

Salesforce bulk data ingestion using Application Integration

How to enable app management for Google Cloud folder

The Agent Factory - Episode 9: Agent evaluation with ADK & Vertex AI

Protect your LookML: Continuous Integration for reliable data

Secure AI: De-identifying data with SDP

Gemini in Google Threat Intelligence

Foundations of multi-agent systems with ADK

What is Looker CI?

Programmable data quality with Dataplex and generative AI

The Looker MCP server: Your data's universal translator for AI

Observability in action: A Google Cloud Next demo

This month in GKE: August edition

Effortless data prep in BigQuery: A low coder's guide

Brunch, Automated: How to Architect AI Agents for Everyday Tasks

Say hi to the new GKE: A better default compute for every workload

The Agent Factory - Episode 8: Agent payments, can you do my shopping?

How to connect Cloud Run to NoSQL Firestore

They built an AI agent in 3 hours: Virtual try on with skin tone detection

The Agent Factory - Episode 7: Gemini CLI with Taylor Mullen

Configure a Java Producer for Google Cloud’s managed Apache Kafka service (step-by-step)

How memory makes AI agents more effective

Build AI Agents on GKE in the GKE Turns 10 Hackathon

Visualizing BigQuery geospatial data in Colab

How to deploy a container image to Cloud Run

The Agent Factory - Episode 4: Remember me: Memory in Agents

Container-Optimized Compute Platform for GKE Autopilot

The Future of Automation: How AI Agents are Revolutionizing Data and Robotics

Enable Looker Studio report generation with one click!

GKE Inference Reference Architecture, Your Blueprint for Production-Ready Inference

This Month in GKE: July Edition

The Agent Factory - Episode 3: Building Custom Tools for Agents

The future of AI architecture: Using agents to supervise other agents

What is Private Google Access?

Defining AI agents: From definitions to stopping conditions

The AI Agent Bake-Off Ep.1 Trailer / Can They Build an AI Agent in 3 Hours?