Resources

Field guides for building and securing agentic AI.

Practical, vendor-neutral writing on the security problems that show up once software starts acting on its own. Drawn from our training programme and audit work. Free to read, no sign-up. Eleven guides across four areas, plus one-page checklists to take with you.

Start here

2 guides
Foundations

Zero trust for agents

The organising frame for the rest: verify explicitly, least privilege, assume breach, applied to a non-deterministic principal that acts through tools.

12 min read Read guide Methodology

Threat modeling an agentic system

STRIDE-per-component plus attack trees, worked end to end on a multi-agent example. Find the damaging failure modes before you ship.

14 min read Read guide

Designing agents securely

3 guides
Architecture

Least-privilege agent setup

Scope every tool and separate every role so a compromised agent can't pivot. The L0 to L3 hardening ladder and multi-agent discipline.

12 min read Read guide Runtime

Hardening the agent harness and runtime

Default-deny egress, filesystem isolation, hooks, resource limits, and audit outside the agent's reach. Where zero trust is actually enforced.

13 min read Read guide Secrets

Secret management for agents

How an agent inherits authority, and how to keep that authority short-lived, scoped, redacted from logs, and absent from the prompt.

13 min read Read guide

Defending against attacks

4 guides
Attack & defense

Defending against prompt injection

The taxonomy (direct, indirect, tool-output) and a four-layer defense, from model choice to tool-side enforcement. Why prompt wording never holds.

13 min read Read guide Tooling

Securing MCP servers and tools

The tool-calling layer is the new attack surface. How to build, scope, authenticate, and vet Model Context Protocol servers.

12 min read Read guide Attack & defense

RAG and memory poisoning

Retrieval and long-term memory are injection vectors with persistence. How a one-time poison becomes a permanent backdoor, and how to stop it.

12 min read Read guide Supply chain

Model and supply-chain hygiene

Your trusted computing base now includes the model, every MCP server, plugin, skill, and tool description. Almost none of it is yours. Pin and vet it.

12 min read Read guide

Operations

2 guides
Operations

Pre-deployment security review

The review to run before any agent enters production, and quarterly after. Rate each control L0 to L3, work top-down, sign off honestly.

14 min read Read guide Operations

Incident response for agents

When the agent goes rogue: a five-phase playbook for a principal that is non-deterministic, holds its own credentials, and may have poisoned its own memory.

12 min read Read guide

Take it with you

One-page checklists
Prompt injection defensesPDF · one page Least-privilege agent setupPDF · one page Harness & runtime hardeningPDF · one page Secret managementPDF · one page Model & supply-chain hygienePDF · one page Pre-deployment security reviewPDF · one page Incident responsePDF · one page Example threat modelPDF · 240 KB

More guides are in the pipeline. A prompt-injection test suite, evaluation harnesses, and an AI vendor security questionnaire.

Suggest a topic