|6 min read|BreakMyAgent Team

AI Agent Security Review Before Launch: A Practical Checklist

A pre-launch checklist for testing prompt injection, tool permissions, data exposure, and external-action boundaries in AI agents.

AI agent security reviewLLM security checklistprompt injection testing

AI Agent Security Review Before Launch: A Practical Checklist

An AI agent security review checks whether hostile or messy input can make an agent read the wrong data, call the wrong tool, or take an action a user did not approve.

Quick Answer

  1. Test prompt injection against every tool boundary.
  2. Separate read, write, send, spend, and delete permissions.
  3. Check what private context the model can see.
  4. Log tool calls with exact arguments.
  5. Add regression tests for every failed boundary.

Start with the tools

The risky part of an agent is usually not the chat response. It is what the agent can do after reading a prompt.

List every tool, then mark its capability:

Tool type Risk
Read-only search Low to medium
Internal write Medium
External send High
Payment or purchase High
Delete or revoke High

Each tier needs a different confirmation and logging policy.

Test indirect input

Do not only test prompts typed by the user. Test email bodies, documents, web pages, calendar descriptions, support tickets, and any retrieved context the agent may read.

Indirect prompt injection is where many real systems fail because the hostile text looks like data.

What to capture

For each test, save the hostile input, retrieved context, model response, tool call arguments, expected boundary, actual behavior, and mitigation.

Screenshots are not enough. The fix needs a reproducible case.

Where BreakMyAgent fits

BreakMyAgent is built to make these tests concrete. It gives teams a way to catalog attack patterns, run checks, and turn failures into regression coverage.

FAQ

Is a refusal policy enough?

No. Refusal text helps, but scoped tools and server-side checks matter more.

Should every agent need security review?

Any agent with private data or tools should get a review before launch.

What should fail closed?

External sends, purchases, destructive writes, credential handling, and cross-user data access.

Test your system prompt

Apply what you just read. Scan your agent prompt for these vulnerabilities.

Scan My Agent
Scan Agent