Building the safety foundations for India’s agentic future

By | July 17, 2026

Building the safety foundations for India’s agentic future

Building the safety foundations for India's agentic future

Building the safety foundations for India’s agentic future

Last year, through Google’s Safety Charter for India’s AI-led transformation, we set out our commitment to building trust into India’s digital growth. We also showed how safety features can protect people who face greater risks online.

The agentic era extends that responsibility. Software can now interpret intent, use tools and take action autonomously. This gives developers extraordinary speed, but it also changes what must be secured. Safety can no longer be a final checkpoint before launch. It must be part of the underlying architecture from day one, shaping how agents are built and how they interact.

At I/O Connect India 2026, we announced new tools and open standards to support that shift.

Helping defenders move faster

We are bringing Sec-Gemini v3, our specialised cybersecurity agent, to trusted government and enterprise testers including Flipkart. Sec-Gemini can reason across complex security data and help security operations teams automate tasks like incident investigation, digital forensics, malware analysis etc at machine speed.

Our work also begins earlier in the development process. Project Zero’s Big Sleep research showed that an AI agent could uncover exploitable zero-days in real-world open-source software that human reviewers missed. Our CodeMender agent takes the next step by automatically writing security fixes and contributing them directly back to open-source projects.

To help startups build securely from day one, we are open-sourcing CAPSEM (Capabilities Security for Agents), a secure runtime environment developed by our Privacy and Security Research team. CAPSEM places each AI agent inside an isolated virtual machine, strictly restricting what the agent can access and keeping raw credentials entirely outside its reach. If an agent is compromised or encounters a malicious prompt, the wider system remains fully protected.

Securing interactions between agents

As independent agents begin working across different organisations and conducting commerce, they need common, interoperable traffic rules. We are driving open industry standards because trust in an interconnected ecosystem cannot depend on any single company’s proprietary technology:

  • Device Bound Session Credentials (DBSC): This open W3C standard cryptographically links active login tokens to a user’s physical device hardware, making stolen session cookies instantly useless to bad actors.
  • Agents-to-Payments (AP2): Operating alongside the open Agent2Agent (A2A) protocol, AP2 is designed to make authorised, low-value agent-led financial transactions (under $100) highly secure and accountable.
Agent 2 agent

Deepening institutional collaboration

Securing a digital nation requires deep, localized research. We are establishing new research collaborations with IIT Delhi to support the early detection of online scams and financial fraud infrastructure. Our work with IIT Madras will examine cryptographic protections in firmware.

Academic partnerships

Safety as a catalyst for growth

Verifiable safety directly drives business success. For instance, the Indian gaming and social platform STAN embedded Gemini’s safety stack to automate audio moderation. This allowed them to process over 200,000 hours of local-language audio with nuance and speed. By automating their defense, they expanded moderation coverage by 14 times, dropped errors by 90 per cent, and unlocked a 23 per cent increase in user retention.

When safety is embedded into a product’s foundation, it accelerates growth. Our goal is to weave these protections seamlessly into the fabric of the open web stack, allowing India’s developers to innovate at the speed of thought while the infrastructure handles the defense.

Building a foundation for agentic AI success with SAS Viya - SAS Voices

India is on the brink of an AI revolution, shifting from passive chatbots to autonomous agentic workflows. Building a secure foundation for this ecosystem requires balancing rapid innovation with strict guardrails against systemic risks. [1]

The Agentic Shift

Traditional AI systems only process information or answer queries. Agentic AI executes multi-step tasks independently by using external tools, accessing databases, and making decisions. In India, this technology is poised to transform critical sectors like digital banking, decentralized agriculture, and automated citizen services via the India Stack. [2, 3]

Key Vulnerabilities

  • Indirect Prompt Injection: Malicious actors can hide instructions inside external data (like emails or resumes) that the agent reads, hijacking its behavior.
  • Unauthorized API Execution: Out-of-control agents can accidentally execute financial transactions, delete data, or leak sensitive personal information. [4]
  • Cascading Failures: Interconnected agents can create feedback loops, leading to widespread system crashes in interconnected financial or logistics networks. [5]

Core Pillars of a Safe Foundation

 ┌─────────────────────────────────────────────────────────┐
 │               SAFE AGENTIC FOUNDATION                  │
 └────────────────────────────┬────────────────────────────┘
                              │
         ┌────────────────────┼────────────────────┐
         ▼                    ▼                    ▼
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│  Secure Design   │ │ Human-in-the-Loop│ │ National Standards│
└──────────────────┘ └──────────────────┘ └──────────────────┘

1. Security by Design

  • Isolate Environments: Run autonomous agents inside sandboxed containers to prevent direct access to core operating systems.
  • Limit Tool Permissions: Enforce the principle of least privilege, ensuring agents only access data essential to their specific task.
  • Enforce Strict Verification: Implement rigorous input-validation protocols for all external data sources.

2. Human-in-the-Loop (HITL) Architectures

  • Set Threshold Interventions: Require explicit human approval for high-risk actions like fund transfers or legal commitments.
  • Build Kill Switches: Create centralized mechanisms to instantly pause or terminate agent workflows if anomalies occur.
  • Maintain Audit Trails: Log every decision, tool call, and data source used by the agent for real-time monitoring and forensic analysis. [6, 7]

3. Standardized Testing and Compliance

  • Create Red Teaming Frameworks: Actively stress-test agents against adversarial attacks before public deployment.
  • Align with Indian Regulations: Ensure agent data-handling architectures strictly comply with the Digital Personal Data Protection (DPDP) Act.
  • Establish Benchmarks: Formulate national safety standards tailored to India’s unique multilingual and localized digital infrastructure. [8, 9, 10]
  • Building the safety

Read more

. Google Credential Provider for Windows Adds FIDO2 Security Key Authentication

. Improvement to in-room problem reporting for Google Meet hardware

. Here’s how to make study notebooks in the Gemini app

. Bryson DeChambeau partners with Google Health

. How We Use AI for Your Health | Made by Google Podcast S9E6

****************************************************************************

. New refinement capabilities allow custom editing with Help me write in Gmail

. Now available: group conversations with external collaborators in Google Chat

. Waze rolls out new customization features and more Gemini updates

. Optimize your reach and frequency across campaigns with video campaign groups.

. Made to Create | Scott Hansen is Tycho | Adobe

. AI SEO: Writing That’s Specific May Get Cited More

. How Gemini is speaking the language of Southeast Asia

for more refer Gemini website click here

for more refer Artificial Intelligence  website click here