Agentic AI Deployment Readiness Checklist

Scope: Applies to any agentic AI system being deployed in a security operations context — vulnerability triage, log analysis, alert enrichment, ticket routing, control monitoring — where the system can take or recommend actions that have real consequences. This is a design-review checklist, not a hardening checklist. The items below ask “have you decided?”, “is it documented?”, “does it pass the test?” — not “what is the output of this command?”. Work top-to-bottom. Items reference the two long-form pieces in the ai-security series for the reasoning behind each control; this checklist is the “have I done it” layer. ...

6 min

Building Agentic AI for Security: Architecture, Threat Modelling, and the Audit Trail You Will Actually Need

The first article in this series covered the strategic and governance considerations for deploying agentic AI in a security context — control postures, the human-in-loop vs on-loop distinction, and the compliance position. If you have not read it, I would suggest starting there. This article is for the architects and engineers who now need to build the system. I will cover reference architecture, how to threat model an agentic pipeline, practical prompt-injection defences, and what your audit trail needs to look like if it is going to hold up under scrutiny. ...

12 min

Agentic AI in Security: Why Control Posture Matters More Than Capability

Agentic AI is no longer a research concept. It is arriving in security tooling right now — in vulnerability management platforms, in SIEM enrichment pipelines, in incident response workflows. Whether your organisation has made a deliberate decision about it or not, the probability is high that it is already touching your environment in some form. My concern is not the capability. The capability is genuinely impressive. My concern is that most of the conversation around agentic AI in security is being led by vendors and AI engineers — not by the people who will be held accountable when something goes wrong. ...

8 min