If an attacker can retrieve the API and libraries, then use these to write an agent, and then get the attacker’s agent installed, how should Digital Diskus protect itself from such an attack? Should the business analytics system provide a method of authentication of valid agents in order to protect against a malicious one? Is the agent a worthy attack surface?

To protect against such an attack, Digital Diskus should implement proper security measures such as authentication and authorization for access to its API and libraries. This would ensure that only authorized agents can access and use these resources. Additionally, Digital Diskus can implement security measures such as code signing or digital certificates to verify the authenticity of an agent and prevent the execution of malicious code.

The agent itself can also be considered a potential attack surface and as such, should be designed with security in mind. This could include implementing proper input validation, using secure coding practices, and implementing logging and monitoring to detect and respond to potential security incidents.

Overall, implementing a combination of secure design and secure deployment practices can help protect Digital Diskus from such attacks and ensure the integrity and security of its business analytics system.