Emerging Best Practices Index
Controls, playbooks, and patterns that are converging across vendors but not yet codified into a published framework. When something here matures into a named framework, promote it to wiki/frameworks/ and leave a stub redirect.
Pages
- Agent Observability — Improving agent observability requires moving from a “black-box” model, where only final outputs are seen, to a “glass-box” security para…
- Agent Sandboxing
- Agent Token Chargeback — The agent token chargeback practice attributes agentic-AI token spend to the consuming business unit and use case via a variable chargeba…
- AI-BOM: AI Bill of Materials
- AI-Era Software Supply Chain Hardening
- AI Security Posture Management (AI-SPM) — AI-SPM is the AI analog to CSPM (Cloud Security Posture Management): a continuous discipline of inventorying AI assets, detecting misconf…
- RA and CMM Anti-Patterns and Failure Modes — Closes peer-review-readiness §4: *“No anti-patterns / failure-modes catalog.
- Credential Proxy Pattern for AI Agents — The credential proxy pattern keeps real secrets out of an agent’s reach: the agent holds only a short-lived proxy token, and a proxy reso…
- Distributed Kill Switch — The distributed kill switch practice puts the authority to halt an agent or agentic workflow into the hands of every team member in the l…
- Data Security Posture Management (DSPM) for AI — DSPM maps where sensitive data lives across cloud repositories and SaaS, classifies it, and ties that map to AI usage.
- Evaluating AI SOC Agents: Gartner’s Seven Questions — A buyer-side evaluation framework for AI SOC agents (Gartner’s term for the agentic-SOC category), from the Gartner report Validate the P…
- Guardian Agent Metagovernance (Guards for the Guardians)
- Multi-Agent Runtime Security: Cascade Detection and IR — The depth-companion to the wiki’s single-agent observability page, focused on what’s specific to multi-agent meshes: cascade-failure dete…
- NHI Governance for AI Agents — Non-Human Identity (NHI) governance for AI agents is the discipline of managing the lifecycle of every credential, token, certificate, an…
- Oversharing Controls for AI Search — AI oversharing is the failure mode where an AI search tool retrieves and combines content that is technically RBAC-permitted but contextu…
- Plan-Validate-Execute Pattern
- Prompt Injection Containment for Agentic Systems
- RAG Hardening
- Securing AI: Talking Points — A four-point briefing outline for an AI security pitch / customer conversation.
- Supply Chain Security for Agentic AI
- VulnOps Implementation Roadmap (Enterprise) — VulnOps names the function; this page is how an enterprise team builds it.
Still needed
Egress control patterns (dedicated page), tool annotation systems, evaluation loops (offline + online), agent quality measurement, structured I/O for agents, RAG poisoning defenses.