Agentic AI
Operational controls for agentic AI — with maturity levels, evidence requirements, and implementation guidance.
12 controls
Agent Permission Boundaries
Apply least-privilege principles to AI agents by explicitly defining and enforcing the tools, APIs, data sources, and actions each agent is authorized to access.
Agent Prompt Injection Defense
Protect AI agents from prompt injection attacks — adversarial instructions embedded in external content that hijack agent behavior.
Agent Memory and Context Governance
Define policies governing what AI agents store in memory or persistent context, how long it is retained, who can access it, and under what conditions it is deleted.
Multi-Agent Trust Hierarchy
Define explicit rules for which agents can instruct, invoke, or delegate authority to other agents in multi-agent systems.
Human Approval Gate for Irreversible Agent Actions
Require explicit human approval before an AI agent takes actions that are difficult or impossible to reverse, such as sending communications, modifying records, executing transactions, or deleting data.
Agent Action Audit Trail
Log every tool call, decision step, memory read/write, and external interaction made by an AI agent so that the full action sequence can be reconstructed after the fact.
Agent Scope and Task Boundaries
Define and enforce the boundaries of what an AI agent is permitted to do, preventing it from expanding its activity beyond its intended purpose.
Agent Environment Isolation
Run AI agents in isolated execution environments that limit their ability to access host systems, network resources, or data beyond what their task requires.
Agent and Non-Human Identity Management
Issue every AI agent a distinct, bounded identity with scoped credentials, a defined lifecycle, and access controls — rather than sharing service accounts or running under user identities.
Agent Knowledge Source Integrity
Validate that documents, databases, and external sources retrieved by AI agents during task execution have not been tampered with, poisoned, or substituted with adversarial content.
Agent Behavior Monitoring and Anomaly Detection
Continuously monitor deployed agents for behavioral drift, unusual tool call patterns, unexpected resource consumption, and actions outside their defined operational envelope.
Agent Kill Switch and Emergency Stop
Maintain the operational capability to halt any running agent session, workflow, or agent class immediately — without relying on the agent itself to stop — and recover to a known-safe state.
