AI Agent Security Answers
Grounded, cited answers to the questions teams ask when securing AI agents — mapped to the NIST AI RMF, the OWASP LLM Top 10, and ISO/IEC 42001.
OWASP LLM Top 10
- What is the OWASP LLM Top 10 and why does it matter for AI agents?
- What is OWASP LLM01 prompt injection and how do I prevent it?
- What is OWASP LLM02 insecure output handling (2023 list; renumbered LLM05 improper output handling in 2025) and how do I fix it?
- How do I prevent model denial of service (OWASP LLM04 in the 2023 list; folded into LLM10 unbounded consumption in 2025) on an AI agent?
- What is OWASP LLM06 excessive agency and how do I mitigate it for a tool-using agent?
- What is system prompt leakage and how do I prevent it?
- What are vector and embedding weaknesses in LLM and RAG applications?
- How do I secure the AI/LLM supply chain?
- What is OWASP LLM03 supply chain risk and how do I secure third-party models, LoRA adapters, and datasets?
- How do I verify model provenance and sign model artifacts to defend against OWASP LLM03 supply chain attacks?
- What is OWASP LLM04 data and model poisoning and how do I detect poisoned training or fine-tuning data?
- What is OWASP LLM02 sensitive information disclosure and how do I stop an LLM from leaking PII and secrets?
- What is OWASP LLM05 improper output handling and how do I sanitize LLM output before a browser, shell, or SQL?
- How do I prevent XSS, SSRF, and command injection caused by passing LLM output into downstream systems?
- What is OWASP LLM09 misinformation and how do I reduce hallucinations and overreliance in production?
- How do I ground LLM answers and add verification so the model stops fabricating facts and citations?
- What is OWASP LLM10 unbounded consumption and how do I cap tokens, cost, and denial-of-wallet on an LLM API?
- How do I prevent model extraction and theft attacks against my deployed LLM under OWASP LLM10?
- How do I red-team and test an LLM application for prompt injection and jailbreaks before launch?
- How do I map the OWASP LLM Top 10 to NIST AI RMF and ISO/IEC 42001 controls for an audit?
- What guardrails and input/output validation controls cover the full OWASP LLM Top 10 for an AI agent?
NIST AI RMF
- What is the NIST AI RMF and how do I apply it to AI agents?
- What does the NIST AI RMF Govern function require?
- What does the NIST AI RMF require for monitoring AI systems?
- How does the NIST AI RMF address AI incident response?
- How do I apply the NIST AI RMF Map function to an AI agent's context and use case?
- What does the NIST AI RMF Measure function require for evaluating an AI agent's risks?
- How does the NIST AI RMF Manage function prioritize and respond to AI agent risks?
- What is the NIST AI 600-1 Generative AI Profile and how does it apply to LLM agents?
- Which NIST Generative AI Profile suggested actions matter most for securing LLM agents?
- What are the seven NIST AI RMF trustworthiness characteristics and how do they map to agent controls?
- How do I make an AI agent valid and reliable under the NIST AI RMF?
- What does the NIST AI RMF 'safe' trustworthiness characteristic require for autonomous agents?
- How do I demonstrate the NIST AI RMF secure-and-resilient characteristic for an AI agent?
- What makes an AI agent accountable and transparent under the NIST AI RMF?
- How do I satisfy the NIST AI RMF explainable-and-interpretable characteristic for an LLM agent?
- What controls make an AI agent privacy-enhanced per the NIST AI RMF?
- How does the NIST AI RMF address fairness and harmful bias in AI agents?
- How do I map the NIST AI RMF to EU AI Act requirements for high-risk AI?
- What is a NIST AI RMF profile and how do I build one for an AI agent deployment?
ISO/IEC 42001 & 23894
- What is ISO/IEC 42001 and do I need it for AI agents?
- What are the key requirements of an ISO/IEC 42001 AI management system?
- What are the Annex A controls in ISO/IEC 42001 and how are they organized?
- How do I write a Statement of Applicability for ISO/IEC 42001?
- How do I conduct an AI system impact assessment under ISO/IEC 42001 Clause 6.1.4?
- What does an ISO/IEC 42001 AI policy need to contain?
- What roles and responsibilities does ISO/IEC 42001 require for an AI management system?
- How does ISO/IEC 42001 relate to ISO/IEC 27001 and can I reuse my ISMS?
- What are the steps to get ISO/IEC 42001 certified?
- How do I perform the AI risk assessment required by ISO/IEC 42001 Clause 6.1.2?
- What do Clauses 4 to 10 of ISO/IEC 42001 require?
- What is ISO/IEC 23894 and how does it guide AI risk management?
- How does ISO/IEC 23894 build on ISO 31000 for AI risks?
- What is the difference between ISO/IEC 23894 and the NIST AI RMF?
- What is the difference between ISO/IEC 42001 and ISO/IEC 23894?
- What data governance controls does ISO/IEC 42001 require for AI systems?
- How does ISO/IEC 42001 handle third-party and supplier AI relationships?
- What AI system lifecycle controls does ISO/IEC 42001 require?
- How does ISO/IEC 42001 help with EU AI Act compliance?
- What AI-specific risk sources does ISO/IEC 23894 identify?
AI agent architecture & threat modeling
- How do I threat-model an autonomous AI agent end to end?
- What are the security risks of multi-agent systems and how do I manage them?
- How do I secure Model Context Protocol (MCP) tool servers used by AI agents?
- What is MCP tool poisoning and how do I defend against malicious tool descriptions?
- What is the confused deputy problem in AI agents and how do I prevent it?
- How do I give an AI agent its own identity and authenticate it to downstream services?
- How should I scope OAuth tokens and authorization for AI agent tool calls?
- How do I establish trust between agents in an agent-to-agent (A2A) system?
- How do I secure an AI agent's long-term memory and persistent state?
- What are the security risks of a planner-executor agent architecture and how do I mitigate them?
- How do I define trust boundaries and a data-flow diagram for a tool-using AI agent?
- How do I sandbox AI agent code execution and shell or browser tools?
- How much autonomy should an AI agent have and when should actions require approval?
- What does the EU AI Act require for autonomous agentic AI systems?
Agentic AI threats & frameworks
- What is the OWASP Agentic AI Top 10 (ASI01–ASI10)?
- What is the OWASP Agentic Skills Top 10 (AST01–AST10)?
- What is the OWASP Top 10 for MCP (Model Context Protocol)?
- What is MAESTRO and how do I threat-model an AI agent with it?
- What is AIVSS (the AI Vulnerability Scoring System) and how does it work?
- What is MITRE ATLAS and how do I use it for AI security?
RAG & data security
- How do I secure a RAG (retrieval-augmented generation) system?
- How do I prevent sensitive data leakage in an AI agent?
- How do I defend against embedding inversion attacks that reconstruct source text from vectors?
- How do I detect and prevent RAG knowledge-base and retrieval poisoning?
- How do I enforce chunk-level access control so users only retrieve documents they're authorized to see?
- What is a security checklist for hardening a vector database used by an AI agent?
- Should I redact or tokenize PII before generating embeddings for a RAG store?
- How do I stop indirect prompt injection hidden inside retrieved documents?
- How do I establish document provenance and trust scoring for RAG sources?
- How do I prevent cross-tenant data leakage in a multi-tenant RAG system?
- How should I encrypt embeddings and metadata at rest and in transit?
- How do I handle data retention and right-to-erasure for documents in a vector store?
- How do I reduce membership inference risk that reveals whether a document is in my RAG index?
- How do I validate and sanitize retrieved context before passing it to the LLM?
- What should I log and audit for every retrieval event in a RAG system?
- How do I vet third-party knowledge sources and datasets before adding them to RAG?
Agent controls & hardening
- How do I apply least privilege to AI agent tools and function calling?
- How do I secure tool and function calling in AI agents?
- When should an AI agent require human-in-the-loop approval?
- How do I rate-limit and cap spend on AI agents?
- What are the most effective defenses against prompt injection?
- How do I scope and restrict permissions for MCP tool servers an AI agent connects to?
- How do I design human-in-the-loop approval gates for high-impact AI agent actions?
- What is the right way to sandbox an AI agent that executes code or shell commands?
- When should I use deterministic guardrails instead of model-based guardrails for an AI agent?
- How do I implement a kill switch to halt a running AI agent safely?
- How do I set spend and cost limits to stop an AI agent from racking up runaway bills?
- How do I prevent an AI agent from getting stuck in infinite tool-calling loops?
- How do I build an allow-list of approved tools, APIs, and domains for an AI agent?
- How do I filter and sanitize AI agent outputs before they reach users or downstream systems?
- What is the best way to handle secrets and API credentials an AI agent needs at runtime?
- How do I give an AI agent its own scoped identity and short-lived access tokens?
- How do I isolate an AI agent with network segmentation and egress controls?
- How do I validate and constrain the inputs an AI agent passes to its tools and APIs?
- Which AI agent hardening controls map to ISO/IEC 42001 and NIST AI RMF requirements?
- How do I add circuit breakers that automatically disable a misbehaving AI agent?
Compliance & governance
- What are the EU AI Act risk tiers and which one applies to my AI agent?
- What obligations does the EU AI Act impose on general-purpose AI (GPAI) model providers?
- When do EU AI Act requirements take effect and what is the compliance timeline?
- What technical and governance requirements must a high-risk AI system meet under the EU AI Act?
- What is the difference between ISO/IEC 42001 and the NIST AI RMF, and which should I adopt?
- How do I extend a SOC 2 program to cover AI and LLM systems?
- What should an AI acceptable-use policy include for employees and agents?
- What goes in a model card and what AI documentation do standards require?
- How do I assess third-party and vendor risk for AI models and APIs?
- How do I prepare for an AI governance audit and what evidence do auditors expect?
- How do I handle data residency and sovereignty requirements for AI workloads?
- How do I build an AI risk register and what risks should it track?
- What roles and responsibilities does an AI governance program need to define?
- What is a conformity assessment under the EU AI Act and how do I complete one?
Operations, monitoring & incident response
- How should I log and monitor AI agent decisions for security?
- How do I red-team an AI agent before deploying it to production?
- How do I build an evaluation suite to test an AI agent's safety and guardrails?
- How do I detect model drift and performance degradation in a production AI agent?
- What should an AI agent incident response runbook include?
- What audit trail do I need to log for AI agent actions and tool calls?
- How do I safely roll back or disable an AI agent after a bad deployment?
- What post-market monitoring does the EU AI Act require for high-risk AI systems?
- When and how must I report a serious AI incident under the EU AI Act?
- How do I detect anomalous or compromised behavior in a running AI agent?
- How do I get end-to-end observability and tracing across a multi-agent system?
- How do I run guardrail regression tests for an AI agent in CI/CD?
- What key metrics and KPIs should I monitor for a production AI agent?
- How do I set up effective human oversight and escalation for monitoring AI agents?
- How do I run a continuous red-teaming program for AI agents after launch?
- How do I log LLM prompts and outputs without leaking sensitive data?
- How do I run a post-incident review and corrective action after an AI agent failure?
How does your AI agent score?
Get a free, instant AI agent security readiness snapshot — mapped to NIST, OWASP & ISO — then unlock the full report with a prioritized, cited fix-list.