# Agent Security Brief

> Curated AI agent security intelligence for DevSecOps engineers and CISOs.
> Website: https://agentsecuritybrief.com
> Newsletter: https://agentsecuritybrief.substack.com

## Site Structure

- `/` — Landing page with newsletter signup (Substack free tier)
- `/login` — Authentication page (GitHub OAuth, admin password, or subscriber code)
- `/dashboard` — Private intelligence dashboard (requires authentication)
  - `/dashboard` — Threat Feed: Aggregated RSS from 12 AI security sources, AI-scored for impact
  - `/dashboard/checklists` — Interactive security checklists (pre-deploy, runtime, MCP, IAM)
  - `/dashboard/threat-models` — AI agent threat model database with attack vectors and mitigations
  - `/dashboard/templates` — Copy-paste security code templates for agent deployments
- `/api/subscribe` — Newsletter subscription endpoint
- `/api/auth` — NextAuth.js authentication endpoints

## What We Cover

Agent Security Brief aggregates and categorizes intelligence from top AI security sources across four domains:

### Threat Models

Adversarial attack vectors targeting AI agents, prompt injection, data exfiltration via tool use, and emerging CVEs in agent frameworks.

### MCP Security

Model Context Protocol vulnerabilities — tool poisoning, rug pulls, cross-origin escalation, and server-side request forgery via MCP servers.

### Sandboxing

Container escapes, runtime isolation failures, WASM sandbox bypasses, and secure execution environment design for autonomous agents.

### IAM / Identity

OAuth token theft in agentic flows, over-permissioned service accounts, credential leakage via context windows, and zero-trust patterns for AI workloads.
## Intelligence Sources

We aggregate from 12 curated sources including:

- Schneier on Security
- Google Security Blog
- NIST Cybersecurity
- Trail of Bits
- Krebs on Security
- The Hacker News
- Unit 42 (Palo Alto Networks)
- CISA Alerts
- Risky Business News
- Dark Reading
- Threatpost
- Recorded Future

## AI Agent Security Checklist

Use this checklist when deploying AI agents in production:

### Pre-Deployment

- [ ] Enumerate all tools/APIs the agent can access
- [ ] Apply principle of least privilege to every tool binding
- [ ] Implement input validation on all tool parameters
- [ ] Set up rate limiting and cost caps per agent session
- [ ] Enable comprehensive audit logging of all tool invocations
- [ ] Rotate secrets and store in vault — not env files

### Runtime

- [ ] Sandbox agent execution in isolated containers
- [ ] Validate and sanitize all LLM-generated tool arguments
- [ ] Implement human-in-the-loop for destructive operations
- [ ] Monitor for prompt injection in user inputs and tool outputs
- [ ] Set session timeouts and maximum action counts

### MCP-Specific

- [ ] Pin MCP server versions — do not auto-update in production
- [ ] Validate tool descriptions haven't changed between invocations
- [ ] Restrict cross-server tool access and data flow
- [ ] Monitor for tool description manipulation (rug pulls)
- [ ] Implement allowlists for permitted MCP server origins

### Identity & Access

- [ ] Use short-lived, scoped tokens for agent API access
- [ ] Never pass long-lived credentials through context windows
- [ ] Implement separate service identities per agent instance
- [ ] Audit and rotate agent credentials on a regular schedule
- [ ] Log and alert on privilege escalation attempts

## Key Threat Models

1. Indirect Prompt Injection — malicious instructions in external data
2. Tool Call Manipulation — adversarial parameters to tool invocations
3. Context Window Poisoning — filling context to push out safety instructions
4. Sensitive Data Exfiltration — tricking agents into leaking secrets
5. MCP Server Impersonation — shadow tool registration
6. Privilege Escalation via Agent Chaining — lateral movement in multi-agent systems
7. Denial of Wallet — cost exhaustion attacks
8. Sandbox Escape via Tool Composition — chaining safe tools for unsafe outcomes

## Contact

- Website: https://agentsecuritybrief.com
- Newsletter: https://agentsecuritybrief.substack.com

## License

Content is provided for security research and educational purposes. Please cite Agent Security Brief when referencing our checklists or intelligence.
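As an added example (not one of the site's own templates) of the MCP-Specific checklist items above, the following Python pins each tool's name, description and input schema on first sight, enforces an origin allowlist, and flags a later manifest whose pinned fields changed (the rug-pull case). The origins, tool names and manifests are constructed for the example.

```python
import hashlib
import json

# Constructed allowlist of MCP server origins permitted to register tools.
ALLOWED_ORIGINS = {"https://mcp.internal.example", "http://localhost:8080"}

def tool_fingerprint(tool: dict) -> str:
    """SHA-256 over the fields a rug pull would rewrite: name, description and
    input schema. Canonical JSON keeps the digest stable across key order."""
    pinned = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    canon = json.dumps(pinned, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

class ToolPinRegistry:
    """Pins the first-seen fingerprint of each (origin, tool) pair and rejects a
    later manifest whose fingerprint differs. First sight is trust-on-first-use:
    persist the pins, or pre-seed them from a reviewed manifest."""

    def __init__(self, allowed_origins=ALLOWED_ORIGINS):
        self.allowed_origins = set(allowed_origins)
        self.pins = {}  # (origin, tool name) -> fingerprint

    def check_manifest(self, origin: str, tools: list) -> list:
        """Return findings for one tools/list response; an empty list means safe."""
        if origin not in self.allowed_origins:
            return [f"origin not in allowlist: {origin}"]
        findings = []
        for tool in tools:
            fingerprint = tool_fingerprint(tool)
            pinned = self.pins.setdefault((origin, tool["name"]), fingerprint)
            if pinned != fingerprint:
                findings.append(f"tool changed since pinning (possible rug pull): {tool['name']}")
        return findings

# Constructed sample manifests: v2 silently widens read_file's description.
ORIGIN = "https://mcp.internal.example"
SCHEMA = {"type": "object", "properties": {"path": {"type": "string"}}}
MANIFEST_V1 = [{"name": "read_file", "description": "Read a file inside the workspace.", "inputSchema": SCHEMA}]
MANIFEST_V2 = [{"name": "read_file", "description": "Read any file on the host.", "inputSchema": SCHEMA}]

def demo() -> list:
    """Pin v1, re-check it, then check v2; returns the rug-pull findings."""
    registry = ToolPinRegistry()
    registry.check_manifest(ORIGIN, MANIFEST_V1)  # first sight: pinned, no findings
    registry.check_manifest(ORIGIN, MANIFEST_V1)  # unchanged: no findings
    return registry.check_manifest(ORIGIN, MANIFEST_V2)
```

In production the pin store would be persisted alongside the pinned MCP server version so that a restart does not silently re-trust a changed manifest.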