Toolkits
Your agents ship next quarter. Your security policies say nothing about them.
Agent identity, MCP supply chain, tool permissions, compromise response — the policies and checklists security teams need for agentic AI, mapped to the OWASP Top 10 for Agentic Applications 2026, written by one of its contributors.
Contributor, OWASP Top 10 for Agentic Applications 2026 · CISSP · PhD · 15+ years enterprise security
€390 · organization license · instant download · 14-day refund
VAT handled at checkout · B2B reverse charge with VAT number · invoice provided
Checkout opening soon — leave your email below and we'll send the free sample now.
Generic AI policies don't survive contact with agents.
An "acceptable use of AI" policy covers employees typing into chatbots. It says nothing about a non-human identity holding OAuth tokens, an MCP server pulled from a public registry executing in your estate, or an agent that can be prompt-injected into using its legitimate permissions against you. When the security review lands on your desk, you need documents that speak this language. There are very few people who can write them credibly. We did.
What's inside
AI Agent Identity & Permission Policy template
non-human identity lifecycle, credential scoping, least-privilege for tool access, ownership and review cadence.
MCP Server Vetting Checklist
supply-chain and tool-poisoning screening before any server is allowed in the estate. Distilled from our OWASP MCP work and attack-lab findings.
Agent Deployment Security Review checklist
the pre-production gate, mapped item-by-item to OWASP Top 10 for Agentic Applications categories.
Containment Architecture Reference
a 4–6 page pattern guide: why containment (not detection) is the durable defense for agentic systems, and the reference patterns to implement it.
Incident-Response Runbook: agent compromise
detection signals, isolation steps, tool/credential revocation procedure, evidence preservation, post-incident review template.
Agent Risk Register template
with pre-filled example rows per OWASP ASI category, ready for your risk committee.
Editable .docx/.xlsx, with filled examples.
Who it's for
- Security engineers and architects asked to review or approve agent/MCP deployments.
- Platform leads who own the estate the agents run in.
- CISOs who need agentic AI covered in the policy framework before the auditors or the board ask.
Common questions
How is this different from the free resources on your site?
The free guides teach concepts and let you self-assess. This pack is the operational layer: the policy your CISO signs, the checklist your reviewer runs, the runbook your on-call follows. Different artifact, different job.
Is it mapped to any framework?
OWASP Top 10 for Agentic Applications 2026 throughout, with cross-references to NIST AI RMF where relevant. If you use the free Agent Security Scorecard, the pack's documents map to the same categories — assess with one, fix with the other.
Does it cover our specific stack?
The templates are stack-agnostic by design (any agent framework, any MCP host). Where specifics matter, the filled examples show one concrete instantiation you can adapt.
Updates?
Agentic security moves monthly; the pack is versioned and buyers get 12 months of free updates with change notes.
€390. The agentic security paper trail, done.
Checkout opening soon — leave your email below and we'll send the free sample now.
14-day no-questions refund · instant download · free updates for 12 months
Free sample
Get the MCP Server Vetting Checklist free.
The sample is on its way. You're also subscribed to AI Security Intelligence (one useful email at a time; unsubscribe whenever).