Key insight

Almost every security control ever invented exists to protect one of three plain promises: confidentiality (keep it secret), integrity (keep it true), and availability (keep it reachable). They are usually shortened to their first letters — C, I, A. The three constantly trade off against one another, so real security is never about maxing out one promise; it is about choosing the right balance on purpose. A single over-permissioned AI agent is unusual precisely because it can break all three at once.

Strip the jargon away from almost any security decision and you find one of three plain questions underneath. Is this secret kept from the wrong people? Can we trust that it has not been changed? Is it actually available when someone who is allowed to use it needs it? Those three questions have names — confidentiality, integrity, and availability — and together they are called the CIA triad. The word triad just means a group of three that belong together; the letters have nothing to do with any intelligence agency. This article builds each promise up from ordinary life, shows why they cannot all be maximised at once, and ends with why a single AI agent deserves special care.

1 · Three promises every system makes

Here is the whole idea in one breath. Confidentiality means keeping information secret, so that only the people who are supposed to see it actually can. Integrity means keeping information true, so that nobody can change it behind your back without it being noticed. Availability means keeping information reachable, so that it is genuinely there the moment someone allowed to use it needs it. Nearly every other idea in security — passwords, encryption, backups, firewalls, AI guardrails — is really just a tool for protecting one of these three.

The three promises of the CIA triad shown as three pillars: confidentiality, integrity, and availability Three labelled columns stand side by side. The first, in violet, reads Confidentiality, keep it secret. The second, in amber, reads Integrity, keep it true. The third, in blue, reads Availability, keep it reachable. A caption underneath states that security is the work of keeping all three. Confidentialitykeep it secret Integritykeep it true Availabilitykeep it reachable Secret · True · Reachable — nearly all of security serves one of these
Figure 1. The three promises underneath almost every security control. Learn to name which one you are protecting, and the rest of security stops feeling like a random pile of tools.

2 · Confidentiality: only the right eyes

Confidentiality is keeping secret things secret. Think of a diary with a lock, or a sealed letter addressed to one person: the contents are meant for certain eyes and no others. In computer systems, the tools that protect confidentiality are the ones you already half-know — a password only you should know, a file only certain people may open, a message scrambled so only the right person can unscramble it.

The test for confidentiality is a single question worth asking out loud about anything valuable: who is supposed to see this, and is everyone else genuinely kept out? If a secret can be read by someone who was never meant to read it, confidentiality has already been broken — whether or not anyone has noticed yet. Notice, too, what confidentiality does not cover: it says nothing about whether the data is correct, or whether you can reach it. That is the job of the other two promises.

Plain-language checkpoint

Confidentiality is about who can read it. It is a completely separate question from whether the data is accurate, or whether it is available. Keeping those three questions apart in your head is the entire point of the triad.

3 · Integrity: nothing changed behind your back

Integrity is keeping true things true. Picture the tamper-evident seal on a bottle of medicine. The seal does not stop someone from trying to open the bottle, but if it is broken, you instantly know not to trust what is inside. Integrity works the same way for information. A bank balance, a medical result, or a line of software all need to be exactly what they are supposed to be, with any change made only by someone allowed to make it.

Computers protect integrity with a kind of digital seal: a small fingerprint calculated from the data (a hash), so that if even one character changes, the fingerprint no longer matches and the tampering is caught. Confidentiality asks who can read this? Integrity asks a wholly separate question: can I trust that what I am reading was not quietly altered?

A sealed original document, a secretly altered copy, and a shield that catches the change On the left, a green document box labelled Sealed original. An arrow leads to a red document box labelled Secretly altered. A second arrow leads to an amber shield labelled Change is caught, showing that a broken seal reveals the tampering. Sealedoriginal Secretlyaltered Change iscaught A broken digital seal proves someone tampered — that is integrity at work
Figure 2. Integrity does not prevent every change; it makes any change detectable, so you always know whether to trust what you are looking at.

4 · Availability: there when you need it

Availability is keeping reachable things reachable. Imagine a bank vault built so impossibly secure that even the rightful owner can never get their own money out. It would be perfectly confidential and perfectly intact — and completely useless. Availability is the promise that information and services are actually there when the people allowed to use them need them.

It gets broken by very ordinary things: a power cut, a server that crashes under too much traffic, a cut network cable, or an attacker deliberately flooding a system so real users cannot get through (a denial-of-service attack). This is the promise people forget most often, because it feels like security's opposite — yet a service nobody can reach has failed just as surely as one whose secrets leaked.

5 · Why the three pull against each other

Here is the subtle part that separates real security from wishful thinking: the three promises constantly pull against one another. Make something extremely confidential — wrapped in ten locks and a dozen approval steps — and you have quietly made it harder and slower to reach, which hurts availability. Make something instantly available to absolutely everyone, and you have made it far easier for the wrong person to read, which hurts confidentiality.

You almost never get to maximise all three at once. Real security is not about turning one promise up to its limit; it is about choosing the right balance for the situation in front of you. A public weather page needs high availability and almost no confidentiality. A list of patients' diagnoses needs the opposite. Same three promises, very different balance, chosen on purpose.

The trade-off is the job

Anyone can make something more confidential by making it harder to reach. The skill is choosing how much of each promise a given thing actually needs — and being honest that dialling one up usually dials another down.

6 · A worked example: one hospital record

One ordinary hospital record needs all three promises at the same time, which is exactly why it makes the triad concrete. Confidentiality: the record must stay private, readable only by the patient's own care team, not a curious stranger or a neighbour who happens to work there. Integrity: the record must stay exactly correct, because a single changed digit in a blood type or a medication dose could genuinely harm or kill someone, so any change must be trustworthy and traceable. Availability: the record must load instantly in an emergency, because a doctor who cannot reach it during those first critical minutes is in real trouble, no matter how secret and accurate it is.

Secret, correct, and reachable — all at once. Take away any one, and the record has failed the person it exists to protect. That is why serious systems are designed against all three promises deliberately, rather than treating security as a single dial.

7 · What the triad means for an AI agent

An AI agent — software that decides on its own which tools to call, and reads, writes, and acts across many systems at high speed — is unusual because a single one of them can threaten all three promises at once. It can break confidentiality by quietly passing secret information it was trusted with to somewhere it should never go. It can break integrity by writing wrong or manipulated data into a system that other people and other software then trust as true. And it can break availability by hammering a service with so many rapid requests that real users can no longer get through.

A careless person usually endangers one promise, in one place, at human speed. An over-permissioned agent, given more access than its task truly needs, can undermine all three at once, in seconds. That is exactly why scoping an agent's access tightly — the least privilege idea from earlier in this series — protects far more than it first appears: it shrinks the agent's ability to break every promise at the same time.

One over-permissioned AI agent threatening all three promises: leaking secrets, corrupting data, and exhausting a service A red agent box sits in the centre. Three red arrows lead outward to three consequences: may leak secrets, breaking confidentiality; may corrupt data, breaking integrity; and may exhaust a service, breaking availability. AI agent Leak secrets (C) Corrupt data (I) Exhaust service (A)
Figure 3. The reason agent access should be scoped tightly: a single over-powered agent can break confidentiality, integrity, and availability all at once, and far faster than any person could.

8 · A simple test you can run this week

Try this on anything you are responsible for

1. Pick one important system, or one important piece of data.
2. Confidentiality: who must absolutely not be able to see this — and are they genuinely kept out?
3. Integrity: if someone changed this quietly, how would we ever know, and could we prove it?
4. Availability: what actually breaks, and for whom, if this is unreachable for a whole day?

Whichever question you cannot answer clearly is your weakest promise — and exactly where your attention should go first.

9 · Glossary — every term, spelled out

CIA triad
The three core promises of security — confidentiality, integrity, and availability — grouped together because almost every control protects one of them. Nothing to do with any intelligence agency.
Confidentiality
Keeping information secret, so only those who are supposed to see it can.
Integrity
Keeping information true, so any change made behind your back is detectable.
Availability
Keeping information and services reachable, so they are there when someone allowed to use them needs them.
Hash
A small fingerprint calculated from data; if the data changes at all, the fingerprint changes, which is how tampering is detected.
Denial-of-service attack
Deliberately overwhelming a system with traffic or requests so that legitimate users can no longer reach it — an attack on availability.
AI agent
Software that decides on its own which tools to call and which actions to take, acting across many systems at high speed without a person approving each step.
Least privilege
Granting only the access a task genuinely needs, nothing extra “just in case” — which, for an agent, shrinks its ability to break all three promises at once.
Key takeaways

Almost all of security serves one of three promises: confidentiality (secret), integrity (true), and availability (reachable).
The three are separate questions — who can read it, can you trust it, can you reach it — and confusing them hides real gaps.
The promises trade off against each other, so security is choosing the right balance on purpose, not maxing out one dial.
A single over-permissioned AI agent is dangerous precisely because it can break all three at once, in seconds — which is why tight, least-privilege scoping matters so much.

References

  1. NIST Special Publication 800-12, Revision 1, An Introduction to Information Security — the confidentiality, integrity, and availability model, National Institute of Standards and Technology. csrc.nist.gov
  2. NIST Federal Information Processing Standard 199, Standards for Security Categorization — categorising systems by impact on confidentiality, integrity, and availability. csrc.nist.gov
  3. This guide’s Least Privilege, Explained From Zero — scoping access so a single compromise cannot break every promise at once.
  4. This guide’s Blast Radius, Explained From Zero — how far a single compromise can reach, and why AI agents can reach so far.