AI Security by Design: A Deep Dive into KnowBe4’s Best Practices for Prompting and Agent Systems

Key Takeaways:

  • Successful AI deployment requires rigorous prompt engineering, modular agent design, and structured evaluations to ensure alignment, security, and reliability.
  • KnowBe4 synthesizes leading guidance from OpenAI, Google, Anthropic, and O’Reilly into a practical framework for building, deploying, and securing AI agents in enterprise settings.
  • Prompt injection and misuse remain significant threats; layered defenses and strict input/output handling are essential.
  • Multi-agent architectures introduce modularity and performance gains—but also require careful orchestration, memory management, and evaluation.
  • Real-world case studies—from cybersecurity classifiers to travel planning agents—illustrate how organizations can responsibly scale AI with guardrails and organizational buy-in.

As AI continues its swift adoption across industries, organizations are racing to not only build effective large language model (LLM) applications—but also to do so safely. In its July 2025 “Best Security Practices for AI Prompting and Building Agent Systems,” KnowBe4 presents one of the most comprehensive, accessible blueprints available for deploying generative AI in secure, scalable, and operationally sound ways.

Compiled with input from ChatGPT and edited by KnowBe4 founder Stu Sjouwerman, the document synthesizes lessons from seven leading AI sources including OpenAI, Google, O’Reilly, and Anthropic. The result is a 60-page resource that spans the full AI lifecycle: from crafting the first prompt to building fully autonomous agents and protecting them against misuse and attack.

This article unpacks key insights and design patterns from KnowBe4’s summary—offering a 1,200-word view of how businesses can navigate the agent-powered AI future.


Prompting is Programming: Design with Purpose

The report begins with a foundational truth: prompting is not guesswork—it’s a form of programming. The O’Reilly guide on prompt engineering emphasizes a “mental model” approach: understand how tokenization works, how context flows through the model, and how prompting techniques like few-shot and chain-of-thought (CoT) influence behavior.

Google’s Gemini framework reinforces this with four prompt pillars: persona, task, context, and format. This structure aligns prompts with predictable behavior, whether you’re generating summaries or analyzing security logs. Key takeaways include:

  • Use natural language over keywords.
  • Average effective prompts are around 21 words.
  • Always iterate. Good prompts improve over time with testing and tuning.

These principles reappear throughout the KnowBe4 document and are essential even for teams focused on agent design.


From Prompt to Agent: Designing Multi-Step Intelligence

While prompt engineering handles one-off tasks, building AI agents means orchestrating sequences of reasoning, tool use, and stateful planning. OpenAI’s agent guide introduces three elements to every agent architecture:

  1. Model: The LLM powering the agent.
  2. Tools: APIs or functions the agent can call to act on the world.
  3. Instructions: Rules governing what the agent can and cannot do.

These agents are designed to move beyond simple Q&A—they can book travel, compose documents, or triage security alerts. Google and Anthropic’s research extends this with multi-agent orchestration patterns, including:

  • Manager–Worker: A top-level agent delegates to specialized sub-agents.
  • Diamond Pattern: Parallel subtasks are run and then synthesized.
  • Planner–Executor: A planning agent drafts a task list and a second executes it step-by-step.

Such architectures enable scale, modularity, and resilience—but also introduce coordination and trust challenges.


Agentic RAG: Beyond Static Retrieval

A significant evolution highlighted by KnowBe4 is agentic RAG (Retrieval-Augmented Generation). Traditional RAG fetches documents once; agentic RAG decomposes the query, performs adaptive lookups across sources, and cross-verifies results over multiple iterations. Google’s whitepaper shows how this improves factual accuracy and mitigates hallucination—crucial for legal, medical, or financial use cases.

The process may involve three or more agents:

  • A retriever to source documents.
  • A summarizer to generate insights.
  • An evaluator to judge quality and coherence.

This modular design not only enhances performance but creates checkpoints for safety and auditing.


Safety, Guardrails, and Prompt Injection Defense

Security is a core focus in the KnowBe4 report, and rightly so. Prompt injection attacks—where malicious users craft inputs to override system instructions—remain a high-risk vector. Drawing from OWASP, OpenAI, and Anthropic, KnowBe4 outlines layered defenses:

  • Prompt separation: Never mix user input with system instructions.
  • Input validation: Sanitize, encode, or quote user inputs.
  • Output filtering: Review model outputs for disallowed content or unsafe tool use.
  • Tool call constraints: Define explicit allowlists and denylists for API actions.
  • Human-in-the-loop (HITL): Require approvals for high-impact decisions like money transfers or account changes.
  • Logging and auditing: Record all prompts, outputs, and tool use for forensic review.

These measures are not optional—especially in regulated or sensitive industries.


Real-World Use Case: Cybersecurity Incident Classifier

The report doesn’t stop at theory. KnowBe4 includes a detailed case study on building a cybersecurity assistant that classifies security incidents by type and severity. Key steps include:

  • Creating a model persona (“junior security analyst”) with constraints (no action without approval).
  • Using tools like log parsers, threat intelligence lookups, and ticketing APIs.
  • Wrapping every function in guardrails that prevent unauthorized execution or privacy breaches.
  • Logging each step and requiring HITL for high-severity incidents.

This use case exemplifies KnowBe4’s mantra: clear task scoping, modular tool design, and layered defense yield secure, useful agents.


Real-World Use Case: Travel Planning Agent

A second case study outlines a multi-city travel planner agent. This bot recommends flights, lodging, and local activities—but is limited to planning, not booking. It uses:

  • Persona: “Friendly, knowledgeable travel concierge.”
  • Tools: Date parser, booking data, cost calculator.
  • Architecture: A planner decomposes cities and dates; workers fetch flights and hotels; an evaluator ensures the itinerary meets constraints.

The focus on feedback loops and scope limits illustrates how even non-sensitive agents must be designed with context-aware reasoning and safety in mind.


Enterprise Integration and Organizational Readiness

Building a capable agent is only half the equation. The KnowBe4 guide draws from OpenAI’s enterprise lessons to help companies move from prototype to production:

  • Start small: Pilot single-use tools and evaluate results rigorously.
  • Embed AI in existing workflows: Don’t ask users to visit a chatbot—bring agents to their daily tools.
  • Empower internal teams: Give domain experts access, training, and guardrails so they can build tailored GPTs safely.
  • Standardize infrastructure: Build internal platforms with API abstractions, monitoring, evaluation harnesses, and governance baked in.
  • Measure everything: Use precision, recall, cost, latency, and user satisfaction as core metrics.

Organizations that approach AI deployment as both a technical and cultural shift are more likely to realize its full benefits.


Anthropic’s Final Word: Keep It Simple, Transparent, and Safe

The KnowBe4 report closes with reflections from Anthropic, emphasizing three enduring principles:

  1. Start simple: Use workflows before agents; use agents before multi-agent systems.
  2. Prioritize transparency: Let users see how the agent reached its conclusions.
  3. Engineer interfaces: Design tools and APIs with safety, versioning, and validation in mind.

These ideas don’t just improve performance—they build trust.

Learn how AI Agents can supercharge your company’s profits and productivity at TMC’s AI Agent Event in Sept 29-30, 2025 in DC.

Rich Tehrani serves as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW Feb 10-12, 2026 and is CEO of RT Advisors and is a Registered Representative (investment banker) with and offering securities through Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.

The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.

The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.

Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing.


 

Loading
Share via
Copy link
Powered by Social Snap