Security Hardening

Prefer defensive fixes.

Treat AI/agent security as a first-class part of the audit, not a side note.
Do not assume the system prompt, model refusal behavior, or vendor defaults are security boundaries.

Workflow

1. Scope/Posture - stack, auth, data, cloud, AI surfaces, prod sensitivity, regulated data.
2. Threat Model - assets, trust boundaries, attacker paths, blast radius, human layer, agent/tool layer.
3. Core Audit - secrets, injection, authz, session management, deps, logs, privacy, release integrity.
4. Agentic Audit - prompt injection, hostile corpus handling, system prompt leakage, RAG permissions, tool scopes, MCP trust, model-output-to-action paths.
5. Hardening - least privilege, safe defaults, MFA/WebAuthn, narrow egress, retention limits, review gates, trust zones.
6. Execution Guardrails - no direct execution of raw model output; require structured validation, approval for high-impact actions, audit trail, and kill switch.
7. Validate - tests, fix proof, regressions, residual risk, operational gaps.
8. Detect/Report - logs, alerts, abuse detections, severity, CWE/OWASP mapping, privacy impact.

Mandatory AI / Agent Checks

Always check these when AI, automation, MCP, browser/computer use, RAG, or no-code builders are in scope:

• Treat tool output, fetched content, tickets, emails, PDFs, and copied snippets as untrusted data.
• Do not treat the system prompt as a secrets store or primary guardrail.
• Separate planner from executor where possible; the component reading hostile input should not directly hold destructive privileges.
• Do not allow free-form model text to become shell, SQL, HTTP, workflow, or policy actions without schema validation.
• Keep tools in trust zones: read-only by default, writes gated, destructive/admin never autonomous in production.
• Keep secrets out of prompts, memory, transcripts, and model-visible logs.
• Require a review boundary between "read hostile content" and "execute action".
• Prefer short-lived, least-privilege credentials and explicit egress allowlists.
• Ensure agent actions are attributable: user, session, tool, decision, time, model.
• Verify there is an operational kill switch / disable path for agentic workflows.

Reporting

When reporting findings:

• Lead with confirmed exploitable issues, blast radius, and missing control.
• For AI/agent findings, name the hostile source, trust boundary crossed, privilege reached, and why the current guardrail failed.
• Separate confirmed flaws, risky defaults, and missing evidence.
• Use precise references when possible: file, line, endpoint, workflow, connector, or prompt path.
• Map to CWE, OWASP Top 10, or OWASP LLM Top 10 when it sharpens remediation.

Reference Selection

Open only what matches the task:

• Web/app/API authz, injection, headers: owasp-top10.md, api-security.md, graphql-security.md, browser-security-modern.md
• Testing and exploit-proof fixes: security-testing-examples.md, threat-modeling.md
• Supply chain / CI / cloud / containers: supply-chain-security.md, cloud-iam-hardening.md, container-k8s-hardening.md
• AI/agent/MCP/CLI hardening: llm-agent-security.md (includes official provider signals and Claude Mythos Preview context), mcp-security.md, ai-cli-hardening.md, hostile-corpus-review.md
• AI IDE / browser builder / no-code / vibe coding: ai-ide-no-code-security.md, vibecoder-traps.md
• AI operational baselines / profiles / incident response: ai-tool-profiles.md, ai-agent-incident-response.md, quick-start-ai-coding.md
• Detection / response / privacy: detection-engineering.md, incident-playbooks.md, privacy-data-minimization.md, gdpr-security-ops.md

References

• owasp-top10.md, api-security.md, graphql-security.md
• browser-security-modern.md, security-testing-examples.md
• threat-modeling.md, supply-chain-security.md
• cloud-iam-hardening.md, container-k8s-hardening.md
• detection-engineering.md, llm-agent-security.md
• mcp-security.md, ai-cli-hardening.md, hostile-corpus-review.md
• ai-ide-no-code-security.md, vibecoder-traps.md
• ai-tool-profiles.md, ai-agent-incident-response.md, quick-start-ai-coding.md