Agentic AI
Operational controls for agentic ai — with maturity levels, evidence requirements, and implementation guidance.
Not sure where to start? Answer 3 questions and get a tailored compliance action plan.
What applies to me? →17 controls matching filters
Agent Prompt Injection Defense
Protect AI agents from prompt injection attacks — adversarial instructions embedded in external content that hijack agent behavior.
Agent Memory and Context Governance
Define policies governing what AI agents store in memory or persistent context, how long it is retained, who can access it, and under what conditions it is deleted.
Human Approval Gate for Irreversible Agent Actions
Require explicit human approval before an AI agent takes actions that are difficult or impossible to reverse, such as sending communications, modifying records, executing transactions, or deleting data.
Agent Action Audit Trail
Log every tool call, decision step, memory read/write, and external interaction made by an AI agent so that the full action sequence can be reconstructed after the fact.
Agent Scope and Task Boundaries
Define and enforce the boundaries of what an AI agent is permitted to do, preventing it from expanding its activity beyond its intended purpose.
Agent Knowledge Source Integrity
Validate that documents, databases, and external sources retrieved by AI agents during task execution have not been tampered with, poisoned, or substituted with adversarial content.
Agent Kill Switch and Emergency Stop
Maintain the operational capability to halt any running agent session, workflow, or agent class immediately — without relying on the agent itself to stop — and recover to a known-safe state.
Kill-Switch Propagation Testing
Regularly test that halt commands propagate correctly through all subagent layers and parallel orchestration environments, stopping all agent activity within a defined time window.
Multi-Agent Delegation Chain Logging
Log and attribute every action in a multi-agent system with sufficient detail to trace any action back to its originating instruction, authorized agent, and human principal.
Agent OAuth Scope Drift Detection
Monitor OAuth token scopes granted to AI agents and alert when scopes exceed the originally authorized set or when new permissions are acquired outside the formal provisioning process.
Agentic AI Deployment Readiness Assessment
Require a structured pre-deployment readiness assessment for tool-enabled AI agents, verifying that key governance controls are in place and that the agent's impact on connected systems has been evaluated before go-live.
Agentic Autonomy Expansion Criteria
Define standardized criteria for incrementally widening an AI agent's autonomy thresholds after initial deployment, ensuring that autonomy expansions are deliberate, evidence-based, and approved through the same governance process as initial deployment.
Agent Data Modification Blast-Radius Containment
Define and enforce limits on the scope of data resources a single AI agent can modify, ensuring that an agent malfunction, misuse, or prompt injection cannot propagate data corruption beyond a bounded and recoverable scope.
AI Tool and Plugin Supply Chain Risk Assessment
Assess and manage supply chain risk from third-party tools, plugins, and extensions used by AI agents, including AI-generated code committed to production repositories, applying software supply chain security controls at the AI extension layer.
RAG Retrieval Boundary Controls for Regulated Data
Implement retrieval boundary controls in RAG (retrieval-augmented generation) pipelines to prevent regulated, classified, or out-of-scope data from entering an AI agent's context window, reducing the risk of unauthorized disclosure or cross-contamination of sensitive information.
Agentic AI Governance Tooling Attestation
Require vendor attestation for platform-level tools used as primary agent oversight controls, validating that telemetry is complete, tamper-evident, and sufficient for governance purposes before the tool is relied upon as a control.
AI Permission Escalation Tabletop Exercise Program
Conduct recurring tabletop exercises that simulate AI agent permission escalation and propagation scenarios, testing whether existing controls contain the escalation, incident response teams can detect and respond effectively, and governance processes are sufficient.
