The AI Agent Security Checklist
12 controls every team running production AI agents must own. Each one maps to a concrete OPA policy you can copy. Subscribe to get the checklist immediately, plus bi-weekly governance patterns and incident teardowns.
No spam. Unsubscribe in one click.
What you’ll get
The checklist itself is a 1-pager you can print or share with your team. Each control answers two questions: “why does this matter” and “what does it look like in code.”
1. Action governance — explicit allow/deny per tool
2. Operation-scoped permissions
3. Per-agent service grants
4. Human-in-the-loop approvals for high-risk actions
5. Tamper-evident audit trail (hash chaining)
6. DLP scanning of inputs and outputs
7. SSRF protection on outbound HTTP
8. Rate limiting and blast-radius caps
9. Anomaly detection on agent behavior
10. Prompt-injection and content guardrails
11. Policy-as-code with a review trail
12. Compliance-ready proof packs
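To make controls 1 through 5 concrete, here is an added example (not AAF's own code or policy) of a minimal action gateway: every tool call is denied unless an explicit per-agent grant allows that tool and operation, high-risk operations additionally require a named approver, and every decision is appended to a hash-chained audit trail that `verify` can check. The agents, tools, grant table and record layout are hypothetical; in a real deployment the decision logic would be expressed in OPA/Rego and `decide` would query the policy engine.

```python
"""Added example, not AAF's own code or policy: a minimal action gateway that
applies controls 1-5 from the checklist. Agents, tools, the grant table and
the record layout are hypothetical."""
import hashlib
import json
from typing import Optional

# Hypothetical per-agent grants (control 3): tool -> operations that are
# explicitly allowed. Anything not listed is denied (controls 1 and 2).
GRANTS = {
    "support-bot": {"crm": {"read"}, "email": {"send"}},
    "finance-bot": {"ledger": {"read", "write"}, "payments": {"read", "transfer"}},
}

# Granted operations that still need a named human approver (control 4).
HIGH_RISK = {("ledger", "write"), ("payments", "transfer")}

GENESIS = "0" * 64  # prev-hash of the first audit entry


def decide(agent: str, tool: str, op: str, approved_by: Optional[str] = None) -> dict:
    """Evaluate one proposed action. Default deny: every allow is explicit."""
    record = {"agent": agent, "tool": tool, "op": op, "approved_by": approved_by}
    ops = GRANTS.get(agent, {}).get(tool)
    if ops is None:
        return {**record, "allow": False, "reason": "tool not granted"}
    if op not in ops:
        return {**record, "allow": False, "reason": "operation not granted"}
    if (tool, op) in HIGH_RISK and not approved_by:
        return {**record, "allow": False, "reason": "human approval required"}
    return {**record, "allow": True, "reason": "granted"}


def _canonical(record: dict) -> str:
    # Stable serialisation so the hash does not depend on dict ordering.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def _entry_hash(prev: str, record: dict) -> str:
    # Each entry commits to its predecessor's hash, which is what makes
    # an in-place edit of any earlier record detectable.
    return hashlib.sha256((prev + _canonical(record)).encode()).hexdigest()


def append(chain: list, record: dict) -> dict:
    """Append a decision to the hash-chained audit trail (control 5)."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"prev": prev, "record": record, "hash": _entry_hash(prev, record)}
    chain.append(entry)
    return entry


def verify(chain: list) -> Optional[int]:
    """Return the index of the first entry whose link or hash is wrong,
    or None if the whole chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != _entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return None


def gate(chain: list, agent: str, tool: str, op: str,
         approved_by: Optional[str] = None) -> bool:
    """Decide, record the decision, and return whether the action may proceed."""
    decision = decide(agent, tool, op, approved_by)
    append(chain, decision)
    return decision["allow"]


if __name__ == "__main__":
    log: list = []
    print(gate(log, "support-bot", "crm", "read"))               # True
    print(gate(log, "support-bot", "crm", "delete"))             # False
    print(gate(log, "finance-bot", "ledger", "write"))           # False, needs approver
    print(gate(log, "finance-bot", "ledger", "write", "alice"))  # True
    print(verify(log))                                           # None: chain intact
    log[1]["record"]["allow"] = True                             # silently flip a denial
    print(verify(log))                                           # 1: first bad entry
```

Two caveats a practitioner should keep in mind. First, recomputing the hash of a tampered entry does not hide the edit, because the next entry's `prev` no longer matches; but an attacker who controls the whole store can rewrite every entry from that point on, or simply truncate the tail. Hash chaining therefore needs an external anchor: periodically ship the latest hash to a sink the agent host cannot write to. Second, the grant table here is in-process for illustration; the checklist's point is that it belongs in reviewed policy-as-code, not in the agent's own configuration.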
Already running agents in production? The checklist pairs with Shadow Mode: run AAF in non-enforcing (log-only) mode for 30 days and we’ll show you exactly which actions would have been blocked.
Every other Tuesday
Three things in every issue, never more. Built for engineers who don’t have time for another marketing newsletter.
1 governance pattern
A concrete OPA/Rego pattern for a real agent risk — copy-pasteable.
1 incident teardown
A public AI agent incident broken down with the controls that would have prevented it.
3 curated links
The best recent writing on AI agent security and governance — no fluff.
Ready to govern your agents?
The checklist hits your inbox immediately. Or skip ahead and try AAF’s free tier — 100 actions/month, no credit card.