AI Agent Security

Understanding what AI agents can access, what tools they can call, and what could go wrong.

The central question

What can this AI agent access, what can it do, and what could go wrong?

What to review

AI agents create a new access-control surface

An agent is a new actor in the system. Whatever it can read, call, or trigger becomes part of your authorization model.

Tools, connectors, files, APIs, and databases expand agent risk

Every connected tool widens the blast radius. Tool inventories should be reviewed the same way as API surfaces.

Prompt injection and unsafe tool use

Untrusted text in retrieved content, files, or messages can influence which tools an agent decides to call and with what arguments.

Excessive autonomy and missing human approval

Sensitive actions — refunds, deletions, outbound email, privilege changes — should not be reachable without explicit approval boundaries.

Logging, audit trails, and permission boundaries

Every tool call should be attributable, reviewable, and bounded by an explicit permission model.

What an AI agent security review should validate

The review should cover the tool inventory, permission boundaries, approval gates, and input trust assumptions, and should validate that risky paths are actually closed rather than assumed to be.

Example agent risks

Refund tool callable without human approval
Agent can access billing records across customers
Retrieved untrusted content can influence tool use
Email tool can send sensitive internal data externally
Tool-call logs are incomplete
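A minimal tool gateway that enforces the boundaries described above (an explicit tool inventory, argument-level policy for the email and billing tools, an approval gate for refunds, provenance tagging so instructions found in retrieved content cannot trigger side effects, and an append-only audit record per decision), written as an added example for this page; the tool names, limits and context fields are hypothetical and this is not Telhawk's code.

```python
"""Policy-enforced tool gateway for an AI agent: explicit tool inventory,
argument checks, approval gates, instruction provenance and an audit log."""
import time

# Constructed policy; the tool names, limits and context fields are hypothetical.
ALLOWED_EMAIL_DOMAINS = {"example.com"}  # outbound mail may only go to these domains

TOOL_POLICY = {
    # tool: (has side effects?, needs human approval?, argument validator)
    "refund": (True, True, lambda a, c: a.get("amount", 0) > 0),
    "send_email": (True, False,
                   lambda a, c: a.get("to", "").rsplit("@", 1)[-1] in ALLOWED_EMAIL_DOMAINS),
    "get_billing": (False, False,
                    lambda a, c: a.get("customer_id") == c.get("customer_id")),
}


class ToolGateway:
    """Every agent tool call goes through here; tools are never reachable directly."""

    def __init__(self, approvals=()):
        self.approvals = set(approvals)  # approval ids granted by a human reviewer
        self.audit_log = []              # append-only, one record per decision

    def call(self, tool, args, ctx, approval_id=None):
        """ctx carries agent_id, the session's customer_id and instruction_source
        ('user' or 'retrieved'). Returns 'allowed', 'denied' or 'pending_approval'."""
        policy = TOOL_POLICY.get(tool)
        if policy is None:
            decision, reason = "denied", "tool not in inventory"
        else:
            side_effect, needs_approval, validator = policy
            if side_effect and ctx.get("instruction_source") != "user":
                # Instructions that originate in retrieved content may not cause side effects
                decision, reason = "denied", "side-effecting call from untrusted content"
            elif not validator(args, ctx):
                decision, reason = "denied", "argument policy violated"
            elif needs_approval and approval_id not in self.approvals:
                decision, reason = "pending_approval", "human approval required"
            else:
                decision, reason = "allowed", "ok"
        self.audit_log.append({"ts": time.time(), "agent": ctx.get("agent_id"), "tool": tool,
                               "args": dict(args), "decision": decision, "reason": reason})
        return decision


if __name__ == "__main__":
    gw = ToolGateway(approvals={"APR-1"})
    ctx = {"agent_id": "support-bot", "customer_id": "C-100", "instruction_source": "user"}
    print(gw.call("refund", {"amount": 40}, ctx), gw.call("refund", {"amount": 40}, ctx, "APR-1"))
```

Each of the five example risks listed above maps to one branch of `call`: an unlisted tool, an out-of-scope customer, a retrieved-content instruction, an external recipient, and a refund without an approval id are all refused, and every decision (including the allowed ones) lands in `audit_log`.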

Need to review an AI agent?

Telhawk reviews AI agent permission boundaries, tool inventories, and approval gates.

Explore AI Agent Review