Controls for Using AI Agents in NetSuite Security

AI agents and large language models (LLMs) present significant advantages but also introduce vulnerabilities. This guide addresses risks inherent to AI integration in NetSuite and elaborates on controls that account administrators and end users can leverage for improved security.

What are the Risks of Using AI Agents?

The adoption of LLMs brings forth key risks, including:

• Prompt Injection: This occurs when malicious actors hide instructions within content for processing by the LLM, leading to unauthorized actions and potential data breaches.
• Hallucination: Refers to instances where LLMs generate plausible yet inaccurate or false information.

The consequences can include:

• Unintended Actions: Execution of commands without user intent.
• Data Corruption: Unforeseen modifications or deletions of data.
• Sensitive Information Disclosure: Unauthorized access to confidential data.

What Controls are Available in NetSuite?

While NetSuite cannot eliminate the risks posed by prompt injection and hallucination, it offers specific controls to mitigate their impact:

• User Access Management: By default, no users are granted access to Managed Cloud Platform (MCP) tools unless explicitly assigned permissions. This ensures that only authorized personnel can invoke AI agent functionalities.
• Permission Restrictions: Tools operate with the same permissions as the user. Critical actions, such as those executed by Administrator roles, are restricted.
• Limited API Access: MCP tools have restrictions preventing elevated privilege actions and external API interactions.
• Logging: All actions taken through MCP tools are logged for accountability.
• Explicit Consent: Users provide consent for each AI agent during OAuth 2.0 authorization.
• Scoped Access: Admins can define the namespace for MCP tools, limiting an agent’s access [to necessary functions only].

How to Enable External AI Agents?

To facilitate external AI agent usage, account administrators and end users must follow specific steps:

Steps for Account Administrators

• Assign MCP Permissions: Grant access to specific users who will utilize AI features.
• Install Necessary Tools: Set up MCP tools that dictate permissible actions for AI agents.

Steps for End Users

• Configure the Agent: Set up the external AI agent for action within NetSuite.
• Authorize the Agent: Enable the agent to operate on your behalf after proper configuration.

What are Effective Mitigation Strategies?

Recognizing prompt injection and hallucination as manageable risks, consider these strategies:

• Assess Vendor Trustworthiness: Partner with reputable AI agents and tools.
• Implement Access Management: Restrict MCP permissions to essential users and roles only.
• Limit Scope of Tools: Factor in only the crucial MCP tools needed for business operations to reduce risk exposure.
• Promote User Awareness: Train staff on potential risks and best practices regarding AI interactions.
• Introduce Technical Safeguards: Use secure environments when employing tools that access sensitive systems.

Conclusion

Understanding and implementing security controls within NetSuite can significantly mitigate risks associated with using AI agents and LLMs, thereby enhancing security and operational integrity.

Source: This article is based on Oracle's official NetSuite documentation.

Key Takeaways

• AI agents can pose risks such as prompt injection and hallucination.
• NetSuite provides controls to manage access and log actions of AI integrations.
• Administrators and users must collaborate to enable and configure AI agents securely.