01 Treat AI as untrusted
Validate every output before it executes. Never assume it is safe.

02 Least privilege
Grant only the minimum data, tools, and permissions an agent actually needs.

03 Guardrails
Input validation, output filtering, and policy enforcement around the model.

04 Isolate execution
Sandboxes, scoped tokens, and limited runtime permissions.

05 Monitor everything
Log prompts, decisions, tool usage, and data access for audit.

06 Human-in-the-loop
Approval gates for payments, deletion, and external comms.
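The six principles above combined into a single tool-call gateway that sits between the model and its tools, as an added example that is not part of the original page. The agent name, tool names, argument patterns and approval set are constructed for illustration.

```python
"""Policy gateway placed between an AI agent and its tools.
The model's proposed call is untrusted text: it is parsed strictly, checked against
a per-agent allowlist (least privilege), validated (guardrails), gated for human
approval where it moves money, deletes data or leaves the boundary, and always logged."""
import json
import re
from dataclasses import dataclass, field

# Constructed example allowlist: which tools each agent may call and the shape each
# argument must have. Anything not listed here is unreachable for that agent.
AGENT_TOOLS = {
    "support-bot": {
        "lookup_order": {"order_id": re.compile(r"ORD-\d{6}")},
        "refund": {"order_id": re.compile(r"ORD-\d{6}"), "amount": re.compile(r"\d+(\.\d{2})?")},
        "send_email": {"to": re.compile(r"[^@\s]+@example\.com"), "body": re.compile(r"[\s\S]{1,2000}")},
    }
}
# Human-in-the-loop: payments, deletion and external comms never auto-execute.
REQUIRES_APPROVAL = {"refund", "send_email", "delete_record"}

@dataclass
class Decision:
    action: str  # "execute", "needs_approval" or "reject"
    reason: str
    tool: str = ""
    args: dict = field(default_factory=dict)

def evaluate_tool_call(agent: str, model_output: str, audit_log: list) -> Decision:
    """Decide what happens to one proposed tool call; nothing executes unless this returns 'execute'."""
    try:
        call = json.loads(model_output)
        tool, args = call["tool"], call["args"]
        if not isinstance(tool, str) or not isinstance(args, dict):
            raise ValueError("tool must be a string and args an object")
    except (ValueError, KeyError, TypeError) as exc:
        decision = Decision("reject", f"malformed tool call: {exc}")
    else:
        schema = AGENT_TOOLS.get(agent, {}).get(tool)
        if schema is None:
            decision = Decision("reject", f"{tool!r} is not in the allowlist for {agent}")
        elif set(args) != set(schema) or not all(isinstance(v, str) and schema[k].fullmatch(v) for k, v in args.items()):
            decision = Decision("reject", f"arguments for {tool!r} failed validation", tool, args)
        elif tool in REQUIRES_APPROVAL:
            decision = Decision("needs_approval", "payment/deletion/external comms require sign-off", tool, args)
        else:
            decision = Decision("execute", "passed allowlist and validation", tool, args)
    # Monitor everything: the raw model output and the decision go to the audit trail.
    audit_log.append({"agent": agent, "model_output": model_output, "decision": decision.action, "reason": decision.reason})
    return decision
```

Isolation is the one principle this gateway cannot supply on its own: whatever executes an approved call should still run in a sandbox with a scoped token, so a policy bug does not become a full compromise.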