The practicality of mobile agents hinges on realistic security techniques. Mobile agent systems are combination client/servers that transport, and provide an interface with host computers for, mobile agents. Transport of mobile agents takes place between mobile agent systems, which are located on heterogeneous platforms, making up an infrastructure that has the potential to scale to the size of any underlying network. Mobile agents can be rapidly deployed, and can respond to each other and their environment. These abilities expose flaws in current security technology. This article surveys the risks connected with the use of mobile agents, and security techniques available to protect mobile agents and their hosts. The inadequacies of the security techniques developed from the information fortress model are identified. They are the result of using a good model in an inappropriate context (i.e. a closed system model in a globally distributed networking computing base). Problems with commercially available techniques include: (1) conflicts between security techniques protecting hosts and mobile agents, (2) inability to handle multiple collaborative mobile agents, and (3) emphasis on the credentials of software instead of on the integrity of software to determine the level of trust.