[White paper · v1.0]
The Agentic AI Security Framework.
An open, vendor-neutral model for securing autonomous AI. Four surfaces, four threats, four control domains, mapped to the standards your auditors care about.
Download the document (PDF)
[Overview]
Traditional security assumed software you wrote and users you provisioned. Agentic AI breaks both assumptions: tools you did not build now read your data, call your systems, and act on your behalf. This framework gives security and engineering teams a shared language for the surfaces that need coverage, the threats unique to autonomous AI, and the controls that contain them.
[Surfaces]
Four surfaces where AI meets your data.
Govern all four from one transparent proxy, or leave gaps between point tools.
Models
Every prompt to every LLM, whether hosted, local, or embedded in a product feature.
MCP servers
The tools and data sources agents connect to over the Model Context Protocol.
Browser
Web chatbots and AI features running inside the browser where most work happens.
AI clients
Coding agents and assistants across the IDE, CLI, and API.
[Threat model]
What makes agentic AI different.
Data exfiltration
Secrets, source code, and regulated data leaving in prompts, often pasted by well-meaning employees.
Supply-chain compromise
Rogue or over-permissioned MCP servers inheriting access to internal systems.
Autonomous action
Agents that read, call tools, and act, expanding blast radius far beyond a chat window.
Shadow adoption
Unsanctioned AI tools spreading faster than any approval process can track.
[Control domains]
Four domains, in order.
You cannot control what you cannot see. The domains build on each other.
1 · Discover
Inventory every AI model, agent, client, and MCP server in use, including unapproved ones, by analyzing observed traffic and behavior rather than relying on self-reported approvals.
2 · Inspect
Examine AI traffic in flight at the prompt level across every surface, with detection that runs locally.
3 · Control
Redact secrets, block unapproved models, and gate MCP servers by policy, applied consistently everywhere.
4 · Govern
Map controls to frameworks, maintain an audit trail, and review posture over time from one control plane.
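As an added illustration of how the four domains fit together at a single policy point, the following Python sketch is not Cerbera's code and is not part of the white paper. It models a transparent proxy that inspects each request locally, redacts secrets before forwarding, blocks unapproved models and MCP servers, writes an audit record that never contains the raw prompt, and derives an inventory of what is actually in use from that audit trail. Every model name, MCP server URI, principal and secret value is a constructed placeholder.

```python
import re
from dataclasses import dataclass, field

# Policy for the proxy. All names are constructed placeholders, not real
# products, hosts or credentials.
APPROVED_MODELS = {"internal-llm-prod", "vendor-llm-approved"}
APPROVED_MCP_SERVERS = {"mcp://tickets.internal", "mcp://docs.internal"}

# Secret detectors run locally on the proxy, so prompt text never leaves the
# perimeter just to be scanned. Patterns are deliberately conservative.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"),
    "generic_api_key": re.compile(
        r"(?i)\b(api[_-]?key|token)\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
}


@dataclass
class AIRequest:
    surface: str      # one of the four surfaces: "model", "mcp", "browser", "client"
    target: str       # model name or MCP server URI the request is bound for
    prompt: str       # prompt or tool call text as sent by the principal
    principal: str    # user or agent identity that issued the request


@dataclass
class Decision:
    action: str                    # "allow", "redact" or "block"
    reason: str
    prompt: str                    # prompt as forwarded (possibly redacted, empty if blocked)
    findings: list = field(default_factory=list)


def redact_secrets(text: str):
    """Inspect: replace every detected secret with a typed marker, keep the rest intact."""
    findings = []

    def make_repl(kind):
        def repl(match):
            findings.append(kind)
            return f"[REDACTED:{kind}]"
        return repl

    for kind, pattern in SECRET_PATTERNS.items():
        text = pattern.sub(make_repl(kind), text)
    return text, findings


def evaluate(req: AIRequest, audit_log: list) -> Decision:
    """Control: enforce the allowlists and redaction, then append a Govern audit record."""
    if req.surface == "mcp" and req.target not in APPROVED_MCP_SERVERS:
        decision = Decision("block", f"MCP server not on allowlist: {req.target}", "")
    elif req.surface != "mcp" and req.target not in APPROVED_MODELS:
        decision = Decision("block", f"model not approved: {req.target}", "")
    else:
        clean, findings = redact_secrets(req.prompt)
        if findings:
            decision = Decision("redact", "secrets removed before forwarding", clean, findings)
        else:
            decision = Decision("allow", "policy satisfied", clean)

    # The audit record carries the decision and the secret *types*, never the
    # prompt itself; otherwise the audit log becomes a second exfiltration channel.
    audit_log.append({
        "principal": req.principal, "surface": req.surface, "target": req.target,
        "action": decision.action, "reason": decision.reason,
        "findings": list(decision.findings),
    })
    return decision


def inventory(audit_log: list) -> dict:
    """Discover: derive the set of AI endpoints actually in use from observed traffic."""
    seen = {}
    for rec in audit_log:
        allowlist = APPROVED_MCP_SERVERS if rec["surface"] == "mcp" else APPROVED_MODELS
        seen[(rec["surface"], rec["target"])] = (
            "approved" if rec["target"] in allowlist else "unapproved")
    return seen


# Constructed sample traffic: one request per interesting case.
SAMPLE_REQUESTS = [
    AIRequest("client", "internal-llm-prod", "Explain this stack trace", "alice"),
    AIRequest("browser", "vendor-llm-approved",
              "Debug my deploy script: AWS_KEY=AKIAEXAMPLEEXAMPLE12 region=us-east-1", "bob"),
    AIRequest("mcp", "mcp://tickets.internal", "list open incidents", "agent-7"),
    AIRequest("mcp", "mcp://random-tool.example", "export customer table", "agent-7"),
    AIRequest("client", "shadow-chatbot", "summarize Q3 financials", "carol"),
]


def run_samples():
    """Push the sample traffic through the proxy and return decisions plus the audit trail."""
    audit = []
    decisions = [evaluate(r, audit) for r in SAMPLE_REQUESTS]
    return decisions, audit


if __name__ == "__main__":
    decisions, audit = run_samples()
    for req, d in zip(SAMPLE_REQUESTS, decisions):
        print(f"{req.principal:8} {req.surface:8} {req.target:28} -> {d.action:6} {d.reason}")
    for endpoint, status in inventory(audit).items():
        print("inventory:", endpoint, status)
```

The allowlist checks run before redaction so a blocked request is never parsed further, and the redactor records only the category of each finding; the forwarded prompt keeps its surrounding context so the downstream model still gets a usable request. The inventory is computed purely from the audit trail, which is what makes shadow adoption visible without asking anyone to self-report.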
[Mappings]
How the controls map to standards.
[Related]
Related reading
- Download the framework (PDF): Get the full Agentic AI Security Framework as a shareable white paper.
- MCP Security Best Practices: The six MCP attack vectors the framework helps you control.
- ISO 42001: developers vs. consumers: How the AI management standard applies to your organization.
- AI security glossary: Every term in the framework, defined in plain language.
[Get started]
Put the framework to work.
See how Cerbera implements all four control domains across your AI surfaces in a 30-minute demo.
Book a demo