What is AgentSecurity?

AgentSecurity is an open standard that defines security boundaries for autonomous AI agents through a simple, declarative file: AGENTSECURITY.md.

Think of it as README.md for security. It lives in the root of your agent project and tells the agent (and anyone reading the code) exactly what the agent is allowed to do, what it must never do, and what requires human approval.

The Problem

AI agents are being deployed with increasing autonomy. They can execute code, call APIs, modify databases, send emails, and manage infrastructure. But most developers building agents don't have security expertise:

They don't understand prompt injection or confused deputy attacks
They don't know about tool escalation or privilege boundaries
They don't implement human-in-the-loop for destructive operations
They don't configure sandboxing, network restrictions, or audit logging
They ship agents without any declared security policy

The result: agents with implicit, undefined security boundaries running in production.

The Solution

Instead of teaching every developer security, embed safe defaults into a file they can copy, customize, and validate.

AGENTSECURITY.md provides:

Tiered security presets — Pick basic, standard, strict, or regulated. Each tier comes with sensible defaults.
Tool permission declarations — Explicitly state which tools the agent can use, with what scope and limits.
Human-in-the-loop configuration — Define which actions require human approval.
Runtime requirements — Sandbox, network, resource, and timeout policies.
Compliance mapping — Each control maps to OWASP, NIST, ISO, and EU AI Act frameworks.
Validator CLI — agentsec check . verifies your code matches your declared policy.

How It Works

1. Add an AGENTSECURITY.md

agentsec init --tier standard

This creates a pre-configured policy file. Customize it for your agent's actual tools and capabilities.

2. Validate Your Policy

agentsec validate .

Checks that all required fields are present and tier-specific requirements are met.

3. Scan Your Codebase

agentsec check .

Detects undeclared tool usage, hardcoded secrets, dangerous code patterns, and policy gaps.

4. Enforce in CI/CD

Add the GitHub Action to block PRs that violate your security policy.

Progressive Disclosure

Inspired by Agent Skills, AgentSecurity uses a three-layer progressive disclosure model to minimize context window overhead:

Layer 1: Discovery (~50-100 tokens) — At startup, only the frontmatter metadata is loaded. The agent knows its security tier and enforcement mode.
Layer 2: Activation (~500-2000 tokens) — When the agent starts a task, the full policy body is loaded with constraints, tool permissions, and HITL requirements.
Layer 3: On-Demand — Detailed compliance mappings and threat models are loaded only when specifically needed.

What AgentSecurity is NOT

Not a runtime guarantee. AGENTSECURITY.md defines intent, not enforcement. A compromised LLM can still violate the policy. Runtime enforcement requires additional infrastructure (proxy, gateway).

Not a certification. Declaring NIST alignment means you've designed with NIST in mind. Formal certification requires independent audit.

Not a substitute for expertise. Templates provide safe defaults, but complex architectures need human security review.

It IS a security abstraction layer. It lets developers who don't know OWASP, NIST, or IAM still ship agents with declared, validated security boundaries.

Who Is This For?

Developers building agents who want safe defaults without learning security from scratch
Security teams who need to audit agent architectures across their organization
CTOs/CISOs who want a standard way to govern agent deployments
Compliance officers who need to map agent behavior to regulatory frameworks