Last month, the SNIA Cloud Storage Technologies (CST) Community covered one of the fastest-moving, most disruptive AI technologies – Agentic AI. During our live webinar, “Agentic AI: Use Cases, Benefits, Risks," SNIA CST member Erin Farr explained how Agentic AI works, discussed its benefits and risks, and showed a live demonstration of Agentic AI in action. If you missed the live webinar, you can watch it and download the slides in the SNIA Educational Library. The audience asked several interesting questions. Erin has answered them here:

Q: The use case you chose seems fairly innocuous but what are the risks we should be thinking about?

A: This data validation use case is really a "do less harm" situation.  If data is not valid, you don't want the AI agent to tell you it is, and vice versa.  However, I felt like this scenario was a good starting point for Agentic AI because when talking to customers, even though some were using a data validation tool, it wasn’t enough to instill confidence.  Also, when I looked at how to validate a MongoDB database, it had about six other ways I could have validated it.  So, if I were to build all of them in, and if the agent makes a mistake interpreting one of the results, but the rest do not, that can increase your confidence in the overall results.

This use case was also a good candidate because it's an area where folks are struggling to accomplish robust data validation today as part of testing their cyber resiliency. Finally, we're not taking any automated action on the results. We're initially just trying to understand if the data is valid or not.

Q: What are some of the attack vectors specific to Agentic AI?

A:  Memory Poisoning is an attack vector that involves exploiting an AI's memory systems to introduce malicious data and exploit the agent’s context (effectively, its working memory), which can lead to incorrect decision-making and unauthorized operations.

There's also Tool Misuse, which occurs when attackers manipulate AI agents with deceptive prompts to abuse the agent’s tools. This includes Agent Hijacking, a type of indirect prompt injection where an AI agent ingests manipulated data with additional instructions, causing it to execute unintended actions, such as malicious tool interactions

These attack vectors and others, along with their mitigations, are well-described by OWASP in their Agentic AI – Threats and Mitigations document.

Q: What are other open areas that the industry hasn’t solved yet?

A: One area is evaluating an AI agent’s success. Specifically, being able to test that the plan built by the large language model (LLM) and executed by the agent is providing results that meet the user’s intent.  Generative AI can use LLM-as-a-judge for evaluation, which uses a second LLM to judge the first LLM's results. However, I've not yet found evaluation models that validate execution plans. Plus, the tool calling needs to be validated as well. It's possible I may have just not seen it yet, but I suspect it has yet to be developed.

Q: Production environments for recovery testing will likely not have external internet access, but your use case accesses the internet for both the web search tool and the LLM processing, making me wonder what is the likely acceptance rate of this use case?

A: For on-premises recovery environments without external internet access, you would probably want to use an LLM hosted locally. Regarding the web search tool, that was used as one particular way to determine common enterprise workloads, though, as you may have seen in the demo, the agent used information the model was trained with (and I found those results just as good and often better.) Ideally, this PoC can be changed to a more enterprise-robust implementation by swapping out the web search for APIs that connect to an enterprise’s IT asset inventory application, which would more definitively help determine the applications being used.

Q: You mentioned the ability to improve upon past actions. How much training is needed initially vs. longer term, with regards to the user being able to tweak the model and dial it in to get the right accuracy?

A: The ability to improve upon past actions isn’t so much about training. It’s more about the context window, both its size and the amount of information, you fill it with. Think of the context window as the working memory of the LLM. If you fill that context window with a bunch of tool information you will push out the information about past actions. So, it’s more of a context window tuning problem than a training problem.

Q: Can you provide some reference links for someone starting new in Agentic AI?

A: I used BeeAI (Open Source) which is useful for trying out agents with LLMs locally on your laptop.

• BeeAI Agentic AI framework

https://github.com/i-am-bee

• While I’ve not had a chance to try these out myself, here are a number of beginner classes from Microsoft that were highly recommended by a subject matter expert:

https://github.com/microsoft/ai-agents-for-beginners

Here are additional links that may be useful:

• Model Context Protocol (MCP)

https://modelcontextprotocol.io/introduction

• OWASP Gen AI Security Project – Agentic Threats Navigator

https://genai.owasp.org/resource/owasp-gen-ai-security-project-agentic-threats-navigator/

• Agentic AI – Threats and Mitigations

https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/

And finally, a link to the PoC code I demonstrated:

• Link to PoC demo Code:

https://github.com/IBM/agentic-ai-cyberres

There’s so much to say about Agentic AI, and as Erin mentioned during this webinar, the technology is moving incredibly fast. SNIA CST will continue to provide vendor-neutral information on what’s happening in this space. We are actively working on a follow-up webinar.  Follow us on LinkedIn for announcements.

Cutting-edge innovations in solid-state drive (SSD) power efficiency, and liquid cooling are designed to mitigate AI workload bottlenecks and reduce Total Cost of Ownership (TCO) in data centers. In the Unlocking Sustainable Data Centers: Optimizing SSD Power Efficiency and Liquid Cooling for AI Workloads webinar,  experts from the SNIA SSD Special Interest Group discussed how and why power efficiency matters, NVMe® power management and power states, and power scheduling and optimization examples. Below is a recap of the audience Q&A, with insights into how to move toward lower TCO and greener data centers without sacrificing IOPS. 

Q: What kind of switching times between power states are being considered?

A: That is a tricky question because it is dependent on the specific power state and what needs to be done on the SSD to get it in and out of that power state. If we're talking about idle states, that's typically where hardware components are going to sleep, and that takes time to bring up all the components. So that's going to fall more into the millisecond range, while other power states can be within the microsecond range.

Q: What type of usage is assumed for TP 4199 in system rack data at the data center level?

A: In our webinar, we discuss a few usage models, and there are actually a lot of ways to think about how we could use power measurements.  If you worked in validation or you're familiar with SSD power, you can basically reverse engineer what's happening. You can take that information and use it to get bug info on the fly or optimize host software. Even better, you can compare SSD vendors and ask, “Vendor X reports this, Vendor Y reports that, why is there a discrepancy?” The idea is to create a competitive environment to challenge vendors to improve power efficiency.  This also enables progress towards validating sustainability goals at the rack level.  Compute customers are really stepping it up with their sustainability initiatives, and in order to meet those goals, they need visibility into each individual hardware component.

Q: You spoke about how NVMe® Technical Proposal (TP) 4199 unlocks precise, standardized, scalable power telemetry.  Where can we get more information on the TP and other NVMe information you were discussing?

A: The NVM Express Consortium will post all ratified material and NVMe specifications on their website at nvmexpress.org/compliance.  You can join the NVMe Technical Work Group. There is also a deeper dive on TP4199 in this video[1].  And a 2025 Open Compute Project technical talk also has more details. 

Q: The information presented today is focused around data centers but AI is moving to the edge.  Is there a place that people can go for more information on the same type of content but for the edge?

A: The folks we’re talking to on the edge are really interested in immersion which is interesting because we mentioned for the hyperscalers this density per rack is all focused on liquid. The immersion information actually turns out to be really interesting on the edge where you know there could be heat reuse, etc.  I think edge used to mean smaller populations with one or two servers, but now I think people are seeing edge more for on premises. Regional data centers or telco data centers with a few megawatts might still be an edge. It's certainly very interesting as far as the types of power but for the SSD I think obviously that liquid cooling example is an extreme example where people aren't building 600 kilowatt racks on the edge, but rather they’re building 20 or 30 kilowatt racks. That’s probably the major difference now where we see edge is still more the enterprise/traditional data center where you have extreme power limitations on the rack where actually some of these NGV power states actually become even more critical.

Q: What are your thoughts on balancing serviceability with cooling performance for direct to chip? For example, using thermal interface material (TIM)?

A: I think the interesting thing in that solution we discussed for the E1.S  liquid cooled cold plate solution is actually that they designed a way to make the E1.S hot pluggable with the cold plates so the SSD is still serviceable in the liquid cooling system which is pretty unique. We always want SSDs to be serviceable - to be able to replace any failed drive. We always thought there'd be no serviceability in immersion, but it turns out you can just pull the drive out of the tank, let the fluid drain, and then swap. This is in production - pretty surprising - but liquid cooling and this higher power density makes everything a million times more complicated. It is a lot harder than air-cooled stuff.

Thanks to our moderator, Cameron Brett, SSD SIG Co-Chair from KIOXIA, and our presenters, Jonmichael Hands, SSD SIG Co-Chair from Solidigm, and Nicole Ross from Samsung. SNIA has an extensive Educational Library of SSD materials – type SSD in the search bar for webinars, conference presentations, and white papers. The SNIA SSD Special Interest Group has been focused on Total Cost of Ownership (TCO) for SSDs, with a TCO Model of Storage White Paper and a TCO Calculator.  Stay tuned for a new TCO of Computational Storage coming out soon.    And if you have questions on the webinar, or any of SNIA’s work, send an email to askcms@snia.org  Thanks!

[1] TP4199 Details presented at 2025 OCP Storage Tech Talks by Dan Hubbard (Micron) at the 3 hr 17 minute mark: https://www.youtube.com/watch?v=ppPGAngXX7c