Agent Security 101
PSA: If you're serious about Agent Security, stop sending your transactional data to telemetry services. Here's how to do it right:
- Give your agents a database.
- Store all transactions in that database.
- Keep your data inside your system.
- Avoid duplication across multiple systems.
- Stop paying for egress and retention.
Transactional data ≠ Telemetry
Somewhere along the way, people started treating conversational traces as logs (they're not), and started pushing everything (agent inputs, outputs, reasoning, memory) to telemetry vendors. It's not just bad security hygiene, it's inefficient, redundant, and expensive.
Transactional data is what's happening in your system: inputs, outputs, tool calls, memory updates, and internal reasoning. It's the source of truth for your system and should never leave it.
Telemetry data is system metrics and operational metadata (latency, token usage, error rates, throughput, uptime). That's the stuff you aggregate and throw in cold storage after 180 days.
In an agentic system, conversational traces are transactional data. They belong inside your infrastructure:
- They often contain PII, proprietary logic, and sensitive data and should never be sent externally.
- They need to be re-used by your application (by future runs, for debugging and optimization), so you'll store them internally anyway.
So how do you do it properly?
1. Give your agents a database.
Agents need structured storage. Sessions, runs, memory, knowledge — all of it should persist in your database. Just like any other application.
I personally use Postgres + PgVector in production, and Sqlite for demos.
Here's a minimal example:
# /// script
# dependencies = [
# "agno",
# "anthropic",
# "yfinance",
# "sqlalchemy",
# ]
# ///
from agno.agent import Agent
from agno.db.sqlite import SqliteDb
from agno.models.anthropic import Claude
from agno.tools.yfinance import YFinanceTools
# ************* Create Agent *************
agno_agent = Agent(
name="Finance Agent",
model=Claude(id="claude-sonnet-4-5"),
db=SqliteDb(db_file="tmp/finance_agent.db"),
tools=[YFinanceTools()],
instructions="Use tables to display data.",
add_history_to_context=True,
add_datetime_to_context=True,
num_history_runs=3,
markdown=True,
)
# ************* Run Agent *************
agno_agent.print_response(input="What is the stock price of Apple?", stream=True, stream_intermediate_steps=True)
# Run #2 that continues the conversation
agno_agent.print_response(input="Can you write a report on it? Just give me the report, no other text.", stream=True, stream_intermediate_steps=True)
Save this to a file and run it with uv run finance_agent.py. You can see conversation history work flawlessly because it's stored in a local sqlite database.
2. Store all transactions in that database.
When you run your agents, store all transactions in that database. Including: inputs, outputs, context, messages, tool calls, memory updates, knowledge updates, culture updates. Basically everything that happens in your agentic system should be stored in your database.
For enterprise workloads, this isn't just best practice, it's a requirement. You need to persist traces for compliance, auditing, debugging, and continuity.
Agno does this automatically for you.
External telemetry tools were never designed for this. They're built for metrics and logs, not for sensitive, replayable transactional data. You can make the case for running the data plane inside your VPC, you still have to deal with duplicated data (and pay enterprise data license costs).
3. Keep data within your system (and avoid duplication).
Every time you send LLM traces to an external service, you create redundant copies of sensitive data. This violates least-privilege principles and adds unnecessary complexity, you'll have to create "linking-ids" to connect your application usage to actual traces (solving problems that shouldn't exist in the first place).
Anyone who's built data pipelines knows: joining transactional data from app DBs with telemetry metrics is a nightmare. Skip the headache. Keep everything in one system.
4. Want a UI? No problem.
Once your data lives inside your infrastructure, it's easy to visualize. You could spin up a quick Streamlit dashboard or just use the AgentOS UI, which gives you a ready-to-use view of all your agent sessions, runs, memory, knowledge, etc.
Here's how:
# /// script
# dependencies = [
# "agno",
# "anthropic",
# "yfinance",
# "sqlalchemy",
# "fastapi[standard]",
# "mcp",
# ]
# ///
from agno.agent import Agent
from agno.db.sqlite import SqliteDb
from agno.models.anthropic import Claude
from agno.os import AgentOS
from agno.tools.mcp import MCPTools
# ************* Create Agent *************
agno_agent = Agent(
name="Agno Agent",
model=Claude(id="claude-sonnet-4-5"),
db=SqliteDb(db_file="tmp/agno.db"),
tools=[MCPTools(transport="streamable-http", url="https://docs.agno.com/mcp")],
add_history_to_context=True,
add_datetime_to_context=True,
num_history_runs=3,
markdown=True,
)
# ************* Create AgentOS *************
agent_os = AgentOS(agents=[agno_agent])
app = agent_os.get_app()
# ************* Run AgentOS *************
if __name__ == "__main__":
agent_os.serve(app="basic_demo:app", reload=True)
Run this file using uv run basic_agentos.py and connect to it on the AgentOS UI.
5. Finally, stop paying for egress and retention.
Shipping full traces to third parties is expensive. Text is ok but when it comes to images, audio, video, files, etc., you're looking at a lot of bandwidth that is leaving your VPC. Egress fees, retention costs, and redundant storage add up — fast. Keeping data in your own infrastructure saves both money and risk.
Own your data, control your costs.
Why Agno?
Agno was designed from the ground up for building private, secure, high-performance, agentic systems.
- Every Agent comes with its own database.
- All data stays within your system.
- Private. Secure. Open Source.
Agno documentation: agno.link/docs
Signup for the AgentOS: os.agno.com
Star Agno on Github: agno.link/gh
I know mentioning Agno here seems like a plug, it's not. The architecture is simple: you should own your data. You don't have to use Agno for that. You can build it yourself. The difference is that with most telemetry providers, your data stays locked with them forever. With Agno, it stays with you.