From Prototype to Production:
An AI Agent Security Checklist

Every user message, retrieved document, and API response entering your agent is a potential attack vector. Scan inputs for prompt injection, social engineering, and manipulation patterns before the LLM processes them.

Your agent might leak API keys, credentials, PII, or internal data in its responses. Scan every output for sensitive information before it leaves the system — especially when the agent has access to databases or file systems.

Apply the principle of least privilege to your agents. A customer support agent doesn't need write access to your production database. A research agent doesn't need the ability to send emails. Define which tools each agent can call.

Individual tool calls can look benign while the sequence constitutes an attack. Reading a config file is fine. Sending its contents to an external API is not. Monitor the chain of tool calls across each agent session.

Don't go straight to enforce mode in production. Run Rune in monitor mode in your staging environment first. Observe what it detects. Tune your policies and thresholds. Then flip to enforce mode in production with confidence.

When Rune blocks a threat or detects an anomaly, your team needs to know immediately. Route alerts to Slack, email, or webhooks. Set severity thresholds so critical alerts wake someone up and low-severity alerts get reviewed in the morning.

Write your security policies in YAML and check them into version control alongside your agent code. This makes policies reviewable, testable, and auditable. When the policy changes, the PR shows exactly what changed.

Rune assigns a risk score to each agent based on threat frequency, severity, and tool access patterns. Review scores weekly to catch trends — an increasing score means your agent is seeing more threats or exhibiting riskier behavior.