[White paper · v1.0]

The Agentic AI Security Framework.

An open, vendor-neutral model for securing autonomous AI. Four surfaces, four threats, four control domains, mapped to the standards your auditors care about.

[Overview]

Traditional security assumed software you wrote and users you provisioned. Agentic AI breaks both assumptions: tools you did not build now read your data, call your systems, and act on your behalf. This framework gives security and engineering teams a shared language for the surfaces that need coverage, the threats unique to autonomous AI, and the controls that contain them.

[Surfaces]

Four surfaces where AI meets your data.

Govern all four from one transparent proxy, or leave gaps between point tools.

Models

Every prompt to every LLM, whether hosted, local, or embedded in a product feature.

MCP servers

The tools and data sources agents connect to over the Model Context Protocol.

Browser

Web chatbots and AI features running inside the browser where most work happens.

AI clients

Coding agents and assistants across the IDE, CLI, and API.

[Threat model]

What makes agentic AI different.

Data exfiltration

Secrets, source code, and regulated data leaving in prompts, often pasted by well-meaning employees.

Supply-chain compromise

Rogue or over-permissioned MCP servers inheriting access to internal systems.

Autonomous action

Agents that read, call tools, and act, expanding blast radius far beyond a chat window.

Shadow adoption

Unsanctioned AI tools spreading faster than any approval process can track.

[Control domains]

Four domains, in order.

You cannot control what you cannot see. The domains build on each other.

1 · Discover

Inventory every AI model, agent, client, and MCP server in use, including unapproved ones, through behavioral analytics.

2 · Inspect

Examine AI traffic in flight at the prompt level across every surface, with detection that runs locally.

3 · Control

Redact secrets, block unapproved models, and gate MCP servers by policy, applied consistently everywhere.

4 · Govern

Map controls to frameworks, maintain an audit trail, and review posture over time from one control plane.
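The Control and Govern domains above describe three policy actions (redact secrets, block unapproved models, gate MCP servers) plus an audit trail. The following is an added example showing how a single in-line policy hook in a transparent proxy can apply all three in order and record each decision. It is illustrative code written for this page, not Cerbera's or the framework's own implementation; the allowlists, the detector patterns, and the `evaluate` function are constructed assumptions.

```python
"""Policy hook for an AI-traffic proxy: redact secrets, block unapproved
models, and gate MCP servers by allowlist, recording each decision for audit.
Added example; allowlists, patterns, and names are constructed for illustration."""
import re
from dataclasses import dataclass, field

# Constructed allowlists; a real deployment would load these from policy.
APPROVED_MODELS = {"gpt-4o", "claude-3-5-sonnet", "llama-3-local"}
APPROVED_MCP_SERVERS = {"mcp://internal-docs", "mcp://jira-readonly"}

# Constructed detector patterns: (label, regex, replacement).
# The credential pattern keeps the key name and replaces only the value so
# the redacted prompt still reads sensibly to the model.
SECRET_PATTERNS = [
    ("aws_access_key_id",
     re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
     "[REDACTED:aws_access_key_id]"),
    ("credential_assignment",
     re.compile(r"(?i)\b((?:api[_-]?key|secret|password|token)\s*[=:]\s*)[A-Za-z0-9_\-]{8,}"),
     r"\1[REDACTED:credential]"),
    ("private_key",
     re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"
                r"(?:[\s\S]*?-----END (?:RSA |EC )?PRIVATE KEY-----)?"),
     "[REDACTED:private_key]"),
]

AUDIT_LOG = []  # in-memory stand-in for the Govern domain's audit trail


@dataclass
class Decision:
    action: str                                   # "allow", "redact", or "block"
    reason: str
    prompt: str                                   # text actually forwarded ("" when blocked)
    findings: list = field(default_factory=list)  # (label, hit_count) per detector that fired


def redact_secrets(text):
    """Return (redacted_text, findings); findings lists (label, hit_count)
    for each pattern that matched, in pattern order."""
    findings = []
    for label, pattern, replacement in SECRET_PATTERNS:
        text, n = pattern.subn(replacement, text)
        if n:
            findings.append((label, n))
    return text, findings


def evaluate(model, mcp_server, prompt):
    """Apply the Control domain in order: model allowlist, MCP-server
    allowlist, then secret redaction on whatever is about to be forwarded."""
    if model not in APPROVED_MODELS:
        decision = Decision("block", f"model not approved: {model}", "")
    elif mcp_server is not None and mcp_server not in APPROVED_MCP_SERVERS:
        decision = Decision("block", f"MCP server not approved: {mcp_server}", "")
    else:
        redacted, findings = redact_secrets(prompt)
        if findings:
            decision = Decision("redact", "secrets redacted before forwarding", redacted, findings)
        else:
            decision = Decision("allow", "policy checks passed", redacted)
    # The audit entry records the decision and detector labels, never prompt text,
    # so the trail itself does not become a second copy of the secret.
    AUDIT_LOG.append({
        "action": decision.action,
        "reason": decision.reason,
        "model": model,
        "mcp_server": mcp_server,
        "findings": list(decision.findings),
    })
    return decision


if __name__ == "__main__":
    d = evaluate("gpt-4o", "mcp://internal-docs",
                 "Debug this: AKIAABCDEFGHIJKLMNOP with password=hunter2secret")
    print(d.action, "->", d.prompt)
    print(AUDIT_LOG[-1])
```

The ordering matters: an unapproved model or MCP server is blocked before any prompt text is examined, so nothing is forwarded and no partial redaction is logged as "allowed". Regex detectors are deliberately simple here; in practice they sit alongside entropy checks and structured-secret validators, but the hook shape (decide, transform, record) stays the same.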

[Mappings]

How the controls map to standards.

ISO 42001

AI management system, risk treatment, and continual improvement.

EU AI Act

Risk classification, transparency, and human oversight obligations.

SOC 2

Confidentiality and processing-integrity controls for AI data flows.

ISO 27001

Access control, asset inventory, and supplier risk for AI tooling.

[Get started]

Put the framework to work.

See how Cerbera implements all four control domains across your AI surfaces in a 30-minute demo.