The AI Agent Security Checklist: 15 Things to Review Before Production

Deploying AI agents to production? Use this comprehensive security checklist to identify vulnerabilities before attackers do.

Moltwire Team · 3 min read

Before deploying AI agents to production, security teams should review these critical areas. This checklist is based on common vulnerabilities we've observed across agent deployments.

Input Security

1. Prompt injection scanning

Are user inputs scanned for known injection patterns?
Is there monitoring for novel injection attempts?
How does the agent handle suspicious inputs?

2. External data processing

What external data sources does the agent access?
Is retrieved content treated as untrusted?
Are there content isolation measures?

3. System prompt protection

Is the system prompt designed to resist override attempts?
Are there instructions to ignore conflicting commands in data?

Action Security

4. Principle of least privilege

Does the agent have only necessary permissions?
Are high-risk capabilities gated?
Can permissions be revoked dynamically?

5. Tool invocation controls

Are tool calls logged comprehensively?
Are there rate limits on tool usage?
Do dangerous tools require confirmation?

6. Human-in-the-loop for critical actions

What actions require human approval?
Is the approval workflow secure against bypass?
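Items 4 to 6 are usually enforced at one choke point: a gate that every tool call passes through before execution. The following is an added example written for this post, not Moltwire's code. The `POLICY` table, the agent and tool names, the rate limits and the in-memory approval store are assumptions; a real deployment would back the policy and approvals with a durable store. The approval is bound to the exact canonicalised arguments and consumed on use, which is what keeps the confirmation step from being replayed against different arguments.

```python
"""Policy gate in front of agent tool calls: least privilege (deny anything
not granted), per-tool rate limits, structured logging of every decision,
dynamic revocation, and single-use human approval bound to exact arguments.

Added example, not Moltwire's code; policy contents are assumed."""
import hashlib
import json
import time
from collections import deque

# Assumed per-agent grants. A tool absent from an agent's entry is denied.
POLICY = {
    "support-bot": {
        "read_ticket":  {"rate": (30, 60),   "confirm": False},  # 30 per minute
        "issue_refund": {"rate": (5, 3600),  "confirm": True},   # 5 per hour, human approval
    },
}


def _approval_key(agent, tool, args):
    """Approval is tied to agent + tool + canonical args, so approving a
    $20 refund cannot be reused for a $999 one."""
    canon = json.dumps(args, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{agent}|{tool}|{canon}".encode()).hexdigest()


class ToolGate:
    def __init__(self, policy, clock=time.time, sink=None):
        self.policy = policy
        self.clock = clock                      # injectable for tests
        self.sink = sink or (lambda rec: print(json.dumps(rec)))  # structured log sink
        self.calls = {}                         # (agent, tool) -> deque of timestamps
        self.revoked = set()                    # (agent, tool) pairs revoked at runtime
        self.approvals = set()                  # pending single-use approval keys

    def revoke(self, agent, tool):
        self.revoked.add((agent, tool))

    def approve(self, agent, tool, args):
        """Called by the human approval workflow, never by the agent."""
        self.approvals.add(_approval_key(agent, tool, args))

    def _decide(self, agent, tool, args, decision, reason):
        self.sink({"ts": self.clock(), "agent": agent, "tool": tool,
                   "args": args, "decision": decision, "reason": reason})
        return decision == "allow"

    def authorize(self, agent, tool, args):
        grant = self.policy.get(agent, {}).get(tool)
        if grant is None or (agent, tool) in self.revoked:
            return self._decide(agent, tool, args, "deny", "not_granted")
        limit, window = grant["rate"]
        now = self.clock()
        recent = self.calls.setdefault((agent, tool), deque())
        while recent and now - recent[0] >= window:   # drop calls outside the window
            recent.popleft()
        if len(recent) >= limit:
            return self._decide(agent, tool, args, "deny", "rate_limited")
        if grant["confirm"]:
            key = _approval_key(agent, tool, args)
            if key not in self.approvals:
                return self._decide(agent, tool, args, "deny", "approval_required")
            self.approvals.discard(key)                 # single use
        recent.append(now)
        return self._decide(agent, tool, args, "allow", None)


if __name__ == "__main__":
    gate = ToolGate(POLICY)
    gate.authorize("support-bot", "read_ticket", {"id": 12})
    gate.authorize("support-bot", "issue_refund", {"id": 12, "amount": 20})
    gate.approve("support-bot", "issue_refund", {"id": 12, "amount": 20})
    gate.authorize("support-bot", "issue_refund", {"id": 12, "amount": 20})
```

The log sink receives one record per decision, allowed or denied, which is the data the Observability and Incident Response items below depend on.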

Output Security

7. Data leakage prevention

Are outputs scanned for sensitive information?
Is PII automatically redacted?
Are there controls on what data can leave the system?

8. Response validation

Are generated responses validated for safety?
Is there monitoring for harmful content generation?
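Items 7 and 8 both sit on the response path: an output screen that redacts PII, blocks responses carrying secret-shaped material, and blocks responses that contain a canary string planted in the system prompt (a cheap way to detect prompt leakage). The following is an added example written for this post, not Moltwire's code. The PII and secret regexes are a small illustrative set, the Luhn check is there to keep card redaction from firing on every long digit run, and the canary mechanism and `OutputDecision` shape are assumptions.

```python
"""Output screening for an agent: redact PII, block secret-shaped tokens,
block canary leakage, and report what was redacted so it can be monitored.

Added example, not Moltwire's code; the pattern set is illustrative."""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Sequence

# Illustrative PII patterns (constructed; real sets are larger and locale-aware).
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

# Secret-shaped material that must never leave the system (illustrative).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


@dataclass
class OutputDecision:
    allowed: bool
    text: str
    redactions: Dict[str, int] = field(default_factory=dict)
    reason: Optional[str] = None


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum; used so that only plausible card numbers are redacted."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def screen_output(text: str, canaries: Sequence[str] = ()) -> OutputDecision:
    """Block on secrets or canary leakage; otherwise redact PII and allow."""
    for name, pattern in SECRET_PATTERNS.items():
        if pattern.search(text):
            return OutputDecision(False, "", reason=f"secret:{name}")
    for canary in canaries:
        if canary in text:
            return OutputDecision(False, "", reason="canary_leak")

    counts: Dict[str, int] = {}

    def redactor(kind):
        def _sub(match):
            counts[kind] = counts.get(kind, 0) + 1
            return f"[REDACTED:{kind}]"
        return _sub

    def card_sub(match):
        if not luhn_ok(match.group(0)):
            return match.group(0)          # not a real card number, leave it
        counts["card"] = counts.get("card", 0) + 1
        return "[REDACTED:card]"

    out = EMAIL_RE.sub(redactor("email"), text)
    out = SSN_RE.sub(redactor("ssn"), out)
    out = CARD_RE.sub(card_sub, out)
    return OutputDecision(True, out, counts)


if __name__ == "__main__":
    # Constructed model output containing an email, a Luhn-valid test card
    # number and a plain 13-digit reference that must not be redacted.
    sample = "Contact jane@example.com, card 4111 1111 1111 1111, ref 1234567890123"
    print(screen_output(sample))
```

The `redactions` counts are worth shipping to the same log pipeline as tool calls: a sudden rise in redactions per response is itself a leakage signal, independent of whether any single response was blocked.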

Network Security

9. Egress controls

What external endpoints can the agent contact?
Is there monitoring for unusual network activity?
Are known-malicious domains blocked?

10. API security

How are API credentials managed?
Are credentials exposed to the agent's context?
Is there credential rotation?

Observability

11. Comprehensive logging

Are all agent actions logged?
Is the log format structured and queryable?
Is PII handled appropriately in logs?

12. Behavioral monitoring

Are behavioral baselines established?
Is there alerting on anomalies?
Are alerts actionable?
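Items 11 and 12 are shown together below: structured, one-JSON-object-per-line tool-call logs, a per-agent, per-tool hourly baseline built from them, and a detector that alerts on a tool never seen in the baseline or on an hourly rate well above it. The following is an added example written for this post, not Moltwire's code. The log lines are constructed in the block, the threshold rule (mean plus three standard deviations, with a floor so that rarely used tools do not page on a single call) is an assumption, and the alert fields are chosen to make the alert actionable rather than merely informative.

```python
"""Behavioral monitoring over structured agent logs: build an hourly
baseline per (agent, tool) and alert on new tools or rate spikes.

Added example, not Moltwire's code. Log lines are constructed below."""
import json
import statistics
from collections import defaultdict


def make_lines(day, hour, agent, tool, n):
    """Constructed structured log lines, one JSON object per line."""
    return [json.dumps({"ts": f"{day}T{hour:02d}:{i % 60:02d}:00Z", "agent": agent,
                        "tool": tool, "decision": "allow"}) for i in range(n)]


# Baseline day: read_ticket 8-10 times every hour, two refunds all day.
BASELINE_LINES = []
for h in range(24):
    BASELINE_LINES += make_lines("2024-05-01", h, "support-bot", "read_ticket", 8 + h % 3)
BASELINE_LINES += make_lines("2024-05-01", 10, "support-bot", "issue_refund", 1)
BASELINE_LINES += make_lines("2024-05-01", 15, "support-bot", "issue_refund", 1)

# Current hour: a read_ticket burst, one normal refund, and a never-seen tool.
CURRENT_LINES = (make_lines("2024-05-02", 9, "support-bot", "read_ticket", 40)
                 + make_lines("2024-05-02", 9, "support-bot", "issue_refund", 1)
                 + make_lines("2024-05-02", 9, "support-bot", "export_all_tickets", 1))


def parse(lines):
    """Yield (hour_bucket, agent, tool) for each structured log line."""
    for line in lines:
        rec = json.loads(line)
        yield rec["ts"][:13], rec["agent"], rec["tool"]   # 'YYYY-MM-DDTHH'


def build_baseline(lines):
    """Per (agent, tool): mean and population std of calls per hour, counting
    hours in which the agent was active but the tool was not used as zero."""
    hours_seen = defaultdict(set)
    counts = defaultdict(lambda: defaultdict(int))
    for hour, agent, tool in parse(lines):
        hours_seen[agent].add(hour)
        counts[(agent, tool)][hour] += 1
    baseline = {}
    for (agent, tool), per_hour in counts.items():
        series = [per_hour.get(h, 0) for h in sorted(hours_seen[agent])]
        baseline[(agent, tool)] = (statistics.mean(series), statistics.pstdev(series))
    return baseline


def detect(baseline, lines, k=3.0, floor=5):
    """Alert on tools absent from the baseline and on hourly counts above
    max(mean + k*std, floor). The floor keeps sparse tools from paging on
    a single legitimate call, which is what makes the alerts actionable."""
    observed = defaultdict(int)
    for hour, agent, tool in parse(lines):
        observed[(agent, tool, hour)] += 1
    alerts = []
    for (agent, tool, hour), n in sorted(observed.items()):
        base = {"agent": agent, "tool": tool, "hour": hour, "observed": n}
        if (agent, tool) not in baseline:
            alerts.append({**base, "type": "new_tool",
                           "action": "confirm the grant is intended; revoke the tool if not"})
            continue
        mean, std = baseline[(agent, tool)]
        threshold = max(mean + k * std, floor)
        if n > threshold:
            alerts.append({**base, "type": "rate_spike", "threshold": round(threshold, 2),
                           "action": "review this hour's tool-call log; rate-limit or isolate the agent"})
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_LINES), CURRENT_LINES):
        print(json.dumps(alert))
```

With the constructed data the read_ticket baseline is 9 calls per hour with a small spread, so 40 calls trips the spike rule, the single refund stays under the floor, and `export_all_tickets` raises a new-tool alert; each alert names the agent, tool and hour, which is what the Incident Response items below need to act on it.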

Incident Response

13. Detection capabilities

How quickly can you detect a compromised agent?
What signals indicate compromise?

14. Response procedures

Can compromised agents be quickly isolated?
Is there a runbook for agent security incidents?

15. Recovery planning

How do you recover from agent compromise?
Are there backups of agent configurations?

Using This Checklist

Not every deployment needs every control. Assess based on:

  • What capabilities does the agent have?
  • What data can it access?
  • What's the impact of compromise?

High-capability agents with access to sensitive data need more controls than simple chatbots.

Moltwire can help you implement many of these controls automatically. Contact us for a security assessment of your agent deployment.