OpenAI AgentKit and Agent Builder: Building secure AI agents

OpenAI’s new AgentKit platform marks another major step in the rise of agentic AI—intelligent systems capable of reasoning, acting, and integrating with the tools we use every day. For security and IT leaders, this shift promises incredible efficiency gains but also introduces new attack surfaces that must be understood and managed.

At Nudge Security, we’ve been watching this space closely. Here’s what OpenAI’s AgentKit and Agent Builder bring to the table—and how to approach them safely.

What are AgentKit and Agent Builder?

AgentKit is OpenAI’s new suite of tools designed to help developers and enterprises build, deploy, and manage AI agents. It consolidates capabilities that were previously scattered across APIs and frameworks, giving teams an end-to-end environment to create agents that can act autonomously.

At the center of AgentKit is Agent Builder, a visual drag-and-drop canvas for designing agent workflows. Developers can chain together multiple AI components, connect to APIs or SaaS tools, and apply logic like conditional branching and guardrails—all without writing extensive orchestration code.

AgentKit also includes a Connector Registry for managing integrations with data sources like Google Drive or Dropbox, and ChatKit, which makes it easy to embed an interactive chat interface in any app or website.

In short, AgentKit allows teams to wire together models, tools, and business logic into functional agents that can search data, answer questions, or automate routine tasks. For enterprise IT and security teams, it represents a way to harness AI automation within governed systems, rather than leaving employees to experiment with unapproved “shadow AI” tools.

How agents are deployed

Once you’ve designed an agent workflow in Agent Builder, OpenAI offers two main paths for deployment:

• Embedded chat with ChatKit: The fastest route to deployment is via ChatKit, which provides a ready-made chat interface. Teams can publish an agent workflow, grab its ID, and embed it as a chat widget in a product or internal portal. This option runs fully in OpenAI’s managed environment and is ideal for support bots, internal assistants, or FAQ helpers.
• Self-hosted logic via the Agents SDK: For enterprises that need more control, AgentKit also allows you to export workflows as code (in Node.js, Python, or Go). This lets you host the agent’s logic on your own infrastructure while still calling OpenAI’s APIs under the hood. It’s a flexible option for integrating agents into internal systems, maintaining VPC control, and enforcing custom governance or monitoring requirements.

Both approaches can leverage the Connector Registry for data access and the Global Admin Console for policy and permission management, giving enterprises flexibility in how they balance usability and control.

The new risk landscape of agentic AI

Agentic AI introduces powerful new capabilities, but also new classes of risk that security teams can’t ignore:

• Prompt injection attacks: Malicious inputs can trick agents into ignoring instructions or leaking data. A recent Salesforce AgentForce exploit demonstrated how prompt injection can be used to exfiltrate sensitive CRM records.
• Data leakage and privacy exposure: Agents often connect to internal databases and SaaS apps. A misstep in configuration or data handling can expose confidential or regulated data to unintended audiences.
• Unintended or malicious actions: Agents with automation privileges can take real-world actions—like updating records or sending messages. Without tight guardrails, a misfire or manipulated prompt could cause damage.
• Integration and SaaS supply chain risk: Each connector or external integration expands the potential attack surface. A vulnerability in a connected app (or an unapproved agent accessing sensitive data) can introduce the same visibility gaps that once defined shadow IT.

Best practices for building secure AI agents

Building secure agents requires intentional design and governance from day one. Here are key considerations for using AgentKit safely:

• Turn on guardrails: AgentKit integrates with OpenAI’s Guardrails framework to filter sensitive data, detect jailbreak attempts, and enforce content policies. Use these nodes throughout your workflow—for example, to sanitize user inputs early and validate outputs before they’re shared.
• Apply least-privilege access: Use the Connector Registry to limit agents’ data access to the minimum required. Review permissions regularly and avoid granting write or delete access when read-only will do.
• Insert approval steps for sensitive actions: Agent Builder supports User Approval nodes that pause the workflow until a human signs off. Use them for high-impact operations such as system changes or financial transactions.
• Test and monitor continuously: Use Agent Builder’s Evaluate mode and OpenAI’s Evals framework to simulate adversarial scenarios before production. Once deployed, monitor logs for unusual behavior—like unexpected data queries or spikes in sensitive outputs. Treat each agent like a new team member: onboard it carefully, supervise it closely, and review its performance over time.
• Establish governance and training: Extend your security policies to cover AI agent usage. Keep an inventory of all agents, their owners, and their data access. Train employees on responsible AI use and data handling to reduce the risk of accidental exposure or over-reliance on unvetted agents.

The bottom line on agentic AI

Security leaders should approach these tools with the same rigor they apply to any automation or SaaS integration, combining AI innovation with strong governance, least privilege, and layered defense.

The key is to approach agent development as a partnership between AI capabilities and security principles, ensuring that as your agents get smarter, they also remain trustworthy and compliant. With the right guardrails in place, agentic AI can be a force multiplier for productivity and resilience—helping teams move faster without compromising security.