TL;DR: Agentic AI Security Starter Kit breaks agentic systems into eight control surfaces, from prompt injection and tool-call hooks to runtime policy, sandboxing, audit logging, drift detection, deployment enforcement, and platform-specific constraints, according to Aembit. The core editorial point is that autonomy expands authority faster than existing controls can contain it, so security teams need visibility and guardrails before routine behaviour hardens into precedent.
NHIMG editorial — based on content published by Aembit: the Agentic AI Security Starter Kit
Questions worth separating out
Q: How should security teams govern agentic AI before it reaches production?
A: Start by treating agentic behaviour as an identity and authorisation problem, not only a model risk.
Q: Why do agentic systems create more governance risk than ordinary automation?
A: Ordinary automation follows predefined rules, while agentic systems can select tools and actions dynamically during runtime.
Q: What breaks when audit logging is the main control for AI agents?
A: Audit logging alone only tells you what happened after the fact.
Practitioner guidance
- Define tool-call approval boundaries Require explicit policy checks before any agent can invoke tools that touch production systems, secrets, or customer data.
- Instrument pre- and post-execution hooks Use hooks to validate inputs before tool use and redact credentials before they reach logs.
- Constrain agent blast radius with sandboxing Run high-risk agents in restricted execution environments with read-only filesystems, dropped capabilities, and resource limits.
What's in the full article
Aembit's full post covers the operational detail this analysis intentionally leaves for the source:
- Module-by-module starter code for input validation, hooks, policy enforcement, sandboxing, auditing, drift detection, deployment controls, and agent constraints.
- Runnable Python, shell, OPA/Rego, Docker, Firejail, Bubblewrap, and SQLite examples that teams can adapt to their own environments.
- Specific implementation notes for Claude Code hooks, including configurable tiers and pre-tool-call redaction patterns.
- Guidance on when to start with hooks, when to move to policy evaluation, and when to use audit and containment controls together.
👉 Read Aembit’s Agentic AI Security Starter Kit and control examples →
Agentic AI security starter kit: what breaks in production first?
Explore further
Agentic AI creates a runtime governance gap, not just a new access request workflow. The article shows that agents begin with narrow, defensible use cases and then accumulate authority across tools, services, and data sources. That progression exposes a governance gap that traditional IAM review cycles are too slow to catch. Practitioners should treat agent behaviour as a live control surface, not a static account model.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How do teams decide when an agent needs sandboxing instead of broader access?
A: Use sandboxing when a task can produce real operational impact but does not require direct production reach. If the agent can write files, call APIs, or touch credentials, separate execution from authority. That keeps the blast radius bounded while you learn whether the behaviour is stable enough for production controls.
👉 Read our full editorial: Agentic AI security starter kit exposes production failure modes