You are designing the security architecture for an AI agent that will help enterprise customers manage their cloud infrastructure. The agent can read cloud resource configurations, suggest optimizations, and execute approved changes (resize instances, update security group rules, modify IAM policies).
Describe a defence-in-depth architecture across all six layers (input validation, prompt hardening, model safety, output filtering, capability restrictions, monitoring). For each layer:
- Be specific about what you would implement (which classifiers, which prompt patterns, which capability restrictions)
- Explain why it is particularly important for infrastructure management as opposed to a customer service chatbot
- State explicitly what the layer cannot prevent on its own
Conclude with the single highest-priority control you would implement first if you had only one week of engineering budget, and justify your choice.