5 min read · API Stronghold Team

The AI Agent Security Checklist: 10 Things Your Agent Shouldn't Have Access To


API Security • OWASP Top 10 • Pentest Lessons • Real Breaches

Quick Start

Phase 1 fixes block 80% of attacks. Do those first: object auth, JWT validation, SQL params, rate limits. Skip the rest until later.

Your AI agent doesn’t need write access to your entire database. It doesn’t need your admin API key. It definitely doesn’t need withdrawal permissions on your Stripe account just to check a subscription status.

But that’s how most agents get deployed. Developers grab the same credentials they use locally, drop them in env vars, and wire them up. The agent works. Nobody audits what it can actually do with those credentials until something breaks.

I’ve reviewed a lot of AI agent setups. The pattern is consistent: the agent has 3-5x more permission than it needs. A customer support bot with access to billing. A code review agent with production database credentials. An assistant that can send email on behalf of the entire company domain. All of it justified by “it might need this someday.” It won’t. When an attacker gets into that agent, they’ll use every scope it has.

These 10 checks find the excess. Pulled from real breaches: Cisco’s code leak, Reddit’s data dump, MOVEit’s supply chain mess. Each one maps directly to permissions an AI agent picks up without needing them. Do Phase 1 first.
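The "3-5x more permission than it needs" claim is easy to measure once the agent's tool calls are logged. The following is an added example (not code from the original post) that diffs each agent's granted scopes against the scopes it actually exercised; the agent names, scope names and the JSON-per-line audit format are all constructed for the example.

```javascript
// Added example: find scopes an agent was granted but never used.
// Agent names, scope names and the log format are constructed for this example.
const GRANTED = {
  'support-bot': ['subscriptions:read', 'billing:write', 'users:read', 'email:send'],
  'review-agent': ['repos:read', 'db:prod:write', 'repos:comment'],
};

// Constructed audit log: one JSON record per tool call, plus one corrupt line.
const AUDIT_LOG = `
{"ts":"2024-05-01T10:00:00Z","agent":"support-bot","scope":"subscriptions:read","ok":true}
{"ts":"2024-05-01T10:00:03Z","agent":"support-bot","scope":"users:read","ok":true}
{"ts":"2024-05-01T10:01:00Z","agent":"review-agent","scope":"repos:read","ok":true}
{"ts":"2024-05-01T10:01:05Z","agent":"review-agent","scope":"repos:comment","ok":true}
{"ts":"2024-05-01T10:02:00Z","agent":"support-bot","scope":"subscriptions:read","ok":true}
not valid json, should be skipped
`;

// Parse the log, keeping only records that name an agent and a scope.
function parseAuditLog(text) {
  const records = [];
  for (const line of text.split('\n')) {
    const trimmed = line.trim();
    if (!trimmed) continue;
    try {
      const rec = JSON.parse(trimmed);
      if (typeof rec.agent === 'string' && typeof rec.scope === 'string') records.push(rec);
    } catch {
      // Malformed line: skipped here; a real pipeline should count these and alert.
    }
  }
  return records;
}

// Map each agent to the set of scopes seen in the log.
function usedScopes(records) {
  const used = {};
  for (const r of records) {
    if (!used[r.agent]) used[r.agent] = new Set();
    used[r.agent].add(r.scope);
  }
  return used;
}

// Scopes that write, send or delete are the ones an attacker would use first.
const HIGH_RISK = /(:write|:send|:delete|:withdraw|:admin)$/;

// For each agent: granted-but-unused scopes, and the high-risk subset of those.
function excessScopes(granted, used) {
  const report = {};
  for (const [agent, scopes] of Object.entries(granted)) {
    const seen = used[agent] || new Set();
    const unused = scopes.filter(s => !seen.has(s));
    report[agent] = { unused, highRisk: unused.filter(s => HIGH_RISK.test(s)) };
  }
  return report;
}

function auditAgents() {
  return excessScopes(GRANTED, usedScopes(parseAuditLog(AUDIT_LOG)));
}
```

Run `auditAgents()` over a few weeks of logs and the high-risk list is the set of scopes to revoke first; anything an agent has not touched in that window is a candidate for removal.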

1. Broken object-level auth

Attackers authenticate as themselves, swap an ID, and grab someone else's data. It shows up everywhere: /users/123/profile, change 123 to 456, done. OWASP API Top 10 #1 for a reason.

Fix it: Check ownership on every endpoint that takes an object ID. Don't rely on global roles alone.

// Express middleware: req.params.id is always a string, so compare as strings
function checkOwnership(req, res, next) {
  if (!req.user || String(req.user.id) !== req.params.id) {
    return res.status(403).json({ error: 'Not yours' });
  }
  next();
}
app.get('/users/:id/profile', checkOwnership, getProfile);

Standards: OWASP API-1 Broken Object Level Auth. NIST AC-3.
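The /users/:id case is the easy one because the ID in the URL is the caller's own. Most objects (documents, orders, invoices) carry a separate owner field, so the check has to load the record first. The following is an added example, not the post's code: a middleware factory that takes a loader, compares the record's owner to the authenticated user, and optionally lets a named role through. The document table, the fake request/response objects and the field name `ownerId` are constructed for the example.

```javascript
// Added example: ownership check for objects whose id is not the caller's id.
// DOCUMENTS stands in for a database table; ownerId is an assumed column name.
const DOCUMENTS = new Map([
  ['doc-1', { id: 'doc-1', ownerId: 42, title: 'Q3 plan' }],
  ['doc-2', { id: 'doc-2', ownerId: 7, title: 'Payroll' }],
]);

function loadDocument(id) {
  return DOCUMENTS.get(id) || null;
}

// Returns Express-style middleware. loadResource(id) returns the record or null.
// allowRoles lists roles that may act on objects they do not own (e.g. 'admin').
function requireOwnership(loadResource, { allowRoles = [] } = {}) {
  return function ownership(req, res, next) {
    if (!req.user) return res.status(401).json({ error: 'Unauthenticated' });
    const resource = loadResource(req.params.id);
    if (!resource) return res.status(404).json({ error: 'Not found' });
    // Compare as strings: DB ids are often numbers, URL params are strings.
    const isOwner = String(resource.ownerId) === String(req.user.id);
    const isPrivileged = allowRoles.includes(req.user.role);
    // 404 rather than 403 for someone else's object: don't confirm the id exists.
    if (!isOwner && !isPrivileged) return res.status(404).json({ error: 'Not found' });
    req.resource = resource; // the handler reuses the record instead of loading it again
    return next();
  };
}

// Minimal fake response so the middleware can be exercised without Express.
function fakeRes() {
  const res = { statusCode: 200, body: null };
  res.status = code => { res.statusCode = code; return res; };
  res.json = body => { res.body = body; return res; };
  return res;
}

// Drive the middleware with a constructed request; returns what the caller would see.
function tryAccess(user, docId, opts) {
  const req = { user, params: { id: docId } };
  const res = fakeRes();
  let reached = false;
  requireOwnership(loadDocument, opts)(req, res, () => { reached = true; });
  return {
    status: reached ? 200 : res.statusCode,
    reachedHandler: reached,
    title: req.resource ? req.resource.title : null,
  };
}
```

Whether a foreign object answers 403 or 404 is a design choice; the example uses 404 so that an ID-swapping probe learns nothing about which IDs exist. Either way the handler never runs.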

2. Broken authentication (JWTs)

Weak token validation lets attackers forge logins. Skip the expiry check and old tokens replay forever; skip the issuer and audience checks and a token minted for some other service is accepted here.

Fix it: Validate everything: exp, iss, aud, sig.

const jwt = require('jsonwebtoken');
function validateToken(req, res, next) {
  try {
    const header = req.headers.authorization || '';
    const token = header.startsWith('Bearer ') ? header.slice(7) : null;
    if (!token) return res.status(401).json({ error: 'Missing token' });
    // jwt.verify checks the signature and exp. Pin the algorithm so a token
    // with alg=none or a different algorithm is rejected outright.
    const decoded = jwt.verify(token, process.env.JWT_SECRET, {
      algorithms: ['HS256'],
      issuer: 'yourapp.com',
      audience: 'api:read'
    });
    req.user = decoded;
  } catch {
    return res.status(401).json({ error: 'Invalid token' });
  }
  next();
}

Standards: OWASP API-2. NIST IA-2.

3. Input validation / SQL injection

User inputs ' OR 1=1--, dumps your DB. Still happens daily.

Fix it: Parameterized queries only. No string concat.

// Node/pg example: the id travels separately from the SQL text
const { Pool } = require('pg');
const pool = new Pool(); // connection settings come from the PG* env vars

app.get('/users/:id', async (req, res) => {
  const query = {
    text: 'SELECT * FROM users WHERE id = $1',
    values: [req.params.id],
  };
  const result = await pool.query(query);
  res.json(result.rows[0] || null);
});

Standards: OWASP API-3 Injection. NIST SI-10.

4. No Rate Limiting

Skip it and a single script can brute-force logins or hammer an expensive endpoint all day. Costs skyrocket.

Fix it: Per-user limits with bursts.

const rateLimit = require('express-rate-limit');
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 min
  max: 100, // 100 req per window, per key
  keyGenerator: req => req.user?.id || req.ip, // per user once authenticated, else per IP
});
app.use('/api/', limiter); // mount after the auth middleware so req.user is populated

Standards: OWASP API-5. NIST SC-5.
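express-rate-limit's default store counts requests in a fixed window, which lets a client spend its whole allowance in the first second. "Per-user limits with bursts" is usually implemented as a token bucket: a burst capacity that refills at a steady rate. The following is an added example, not the post's code or the express-rate-limit implementation; the capacity, refill rate and the fake clock are constructed for the example.

```javascript
// Added example: per-key token bucket with a burst allowance and an injectable clock.
// capacity and refillPerSec values used in tests are constructed, not recommendations.
class TokenBucketLimiter {
  // capacity: burst size; refillPerSec: sustained rate; now(): millisecond clock
  constructor({ capacity, refillPerSec, now = () => Date.now() }) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.now = now;
    this.buckets = new Map(); // key -> { tokens, updatedAt }
  }

  // Consume one token for `key`. Returns { allowed, remaining, retryAfterMs }.
  take(key) {
    const t = this.now();
    let b = this.buckets.get(key);
    if (!b) {
      b = { tokens: this.capacity, updatedAt: t }; // new clients start with a full burst
      this.buckets.set(key, b);
    }
    // Refill proportionally to elapsed time, capped at capacity.
    const elapsedSec = Math.max(0, t - b.updatedAt) / 1000;
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.updatedAt = t;
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return { allowed: true, remaining: Math.floor(b.tokens), retryAfterMs: 0 };
    }
    // Time until one whole token is available again.
    const retryAfterMs = Math.ceil(((1 - b.tokens) / this.refillPerSec) * 1000);
    return { allowed: false, remaining: 0, retryAfterMs };
  }

  // Drop buckets idle longer than idleMs so the map cannot grow without bound.
  sweep(idleMs) {
    const t = this.now();
    for (const [key, b] of this.buckets) {
      if (t - b.updatedAt > idleMs) this.buckets.delete(key);
    }
  }
}

// Express-style middleware keyed on the authenticated user, falling back to IP.
// Mount after authentication so req.user is populated.
function rateLimitMiddleware(limiter) {
  return function limit(req, res, next) {
    const key = req.user && req.user.id != null ? `user:${req.user.id}` : `ip:${req.ip}`;
    const r = limiter.take(key);
    res.setHeader('X-RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.setHeader('Retry-After', String(Math.ceil(r.retryAfterMs / 1000)));
      return res.status(429).json({ error: 'Too many requests' });
    }
    return next();
  };
}
```

With more than one API instance the bucket state has to live in a shared store (Redis is the usual choice) or each instance will hand out its own full burst.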

Fix #10 right now

Bad API key management is the easiest check on this list to fix. Start your free trial — zero-knowledge encryption, audit logging, and automatic rotation. 14 days free.

5. Data exposure in responses

The API returns full user records, emails and SSNs included, and trusts the client to hide what it doesn't need. Attackers read the raw response instead.

Fix it: Filter fields by role. No “select *”.

// GraphQL example: the resolver decides per field, not the client
const resolvers = {
  User: {
    email: (parent, args, context) => {
      if (context.user?.role !== 'admin') return null; // unauthenticated callers get null too
      return parent.email;
    }
  }
};

Standards: OWASP API-3. NIST PR.DS-5.
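The same idea for a REST response: serialize through a per-role allowlist, so a column added to the table tomorrow is not exposed by default. The following is an added example, not the post's code; the roles, field names and the sample record are constructed for the example.

```javascript
// Added example: role-based field allowlist for user records.
// Roles, field names and SAMPLE are constructed for this example.
const FIELDS_BY_ROLE = {
  public: ['id', 'displayName'],
  self: ['id', 'displayName', 'email', 'plan'],
  admin: ['id', 'displayName', 'email', 'plan', 'createdAt'],
};

// Never serialized for anyone; keeps a future allowlist edit from leaking them.
const NEVER = new Set(['passwordHash', 'ssn', 'apiKey']);

// Which view the caller gets: admin, the record's own user, or the public view.
function roleFor(viewer, record) {
  if (viewer && viewer.role === 'admin') return 'admin';
  if (viewer && String(viewer.id) === String(record.id)) return 'self';
  return 'public';
}

// Copy only allowlisted fields; unknown fields on the record are dropped, not forwarded.
function serializeUser(record, viewer) {
  const allowed = FIELDS_BY_ROLE[roleFor(viewer, record)];
  const out = {};
  for (const f of allowed) {
    if (NEVER.has(f)) continue; // defence in depth against a bad allowlist edit
    if (f in record) out[f] = record[f];
  }
  return out;
}

// Startup/CI guard: fails if a forbidden field ever lands in an allowlist.
function allowlistsAreSane() {
  return Object.values(FIELDS_BY_ROLE).every(list => list.every(f => !NEVER.has(f)));
}

// Constructed record with the kind of columns a "select *" would drag along.
const SAMPLE = {
  id: 123, displayName: 'Ada', email: 'ada@example.com', plan: 'pro',
  createdAt: '2024-01-02', passwordHash: '$2b$constructed', ssn: '000-00-0000', apiKey: 'constructed',
};
```

Call `allowlistsAreSane()` in a startup check or a unit test so the review that adds a sensitive column also has to decide who may see it.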

6. Error handling leaks stack traces

A 500 error returns the stack trace: file paths, query text, sometimes a connection string. That's the attacker's recon done for them.

Fix it: Generic errors in prod, log details.

// Four-argument signature is what makes Express treat this as the error handler
app.use((err, req, res, next) => {
  console.error(err.stack); // full detail goes to the server log, never to the client
  res.status(500).json({ error: 'Server error' });
});

Standards: OWASP API-1. NIST SI-11.

7. CORS Misconfiguration

A page on evil.com makes a browser request to your API carrying the victim's cookies. Wildcard or reflected origins let that succeed.

Fix it: Explicit origins only.

const cors = require('cors');
app.use(cors({
  origin: ['https://yourapp.com', 'https://staging.yourapp.com'],
  credentials: true
}));

Standards: OWASP API-7. NIST SC-7.
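Two mistakes survive an "explicit origins" policy: matching the origin as a prefix or suffix (so `https://yourapp.com.evil.example` passes), and reflecting whatever Origin arrives while also allowing credentials. The following is an added example, not the post's code or the cors package: exact-match validation via the URL parser plus a config lint for the credentials combination. The hostnames are constructed for the example.

```javascript
// Added example: exact-match origin check and a config lint for the CORS settings.
// Hostnames are constructed for this example.
const ALLOWED_ORIGINS = new Set(['https://yourapp.com', 'https://staging.yourapp.com']);

// True only when the Origin header is exactly an allowlisted scheme+host(+port).
function originAllowed(origin) {
  if (typeof origin !== 'string') return false;
  let url;
  try {
    url = new URL(origin); // rejects "null", garbage and relative values
  } catch {
    return false;
  }
  // Compare the normalised origin, and require the header to equal it byte-for-byte,
  // so trailing paths or look-alike hosts cannot match.
  return ALLOWED_ORIGINS.has(url.origin) && url.origin === origin;
}

// Response headers for a request Origin, or null when the request gets no CORS headers.
function corsHeaders(origin, { credentials = true } = {}) {
  if (!originAllowed(origin)) return null;
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': credentials ? 'true' : 'false',
    Vary: 'Origin', // caches must not reuse this response for another origin
  };
}

// Lint for a cors-package-style config object: '*' or `true` (reflect any origin)
// combined with credentials is the setting that turns CORS into a cookie leak.
function corsConfigIsSafe(config) {
  const wildcard = config.origin === '*' || config.origin === true;
  return !(wildcard && config.credentials === true);
}
```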

8. No dependency scanning

Log4Shell showed what one vulnerable transitive dependency does. Running npm audit for the first time after the breach is too late.

Fix it: Scan weekly, block vulns.

# CI step: npm audit exits non-zero when anything at or above the given level is found,
# so this line fails the build on high and critical findings
npm audit --audit-level=high

Standards: OWASP Dependency Check. NIST SI-2.

9. Missing audit logging

A breach happens and there are no logs, so nobody can trace what the attacker, or the agent, actually touched.

Fix it: Log auth, changes, access.

// Winston example: structured fields, not a free-text message
const winston = require('winston');
const logger = winston.createLogger({ transports: [new winston.transports.Console()] });
logger.info('User login', { userId: req.user.id, ip: req.ip });

Standards: NIST AU-2. ISO 27001 A.12.4.1.

10. Bad API key management

Keys hardcoded and pushed to GitHub, never revoked.

Fix it: Scoped, rotate, vault.

// getScopedKey is a placeholder for your vault client: it returns a key limited to
// one scope and one principal, loaded from the vault or env, rotated on a schedule (e.g. 90 days)
const key = await getScopedKey('user:read', userId);

Standards: OWASP API-2. NIST SC-12.

Implementation roadmap

Phase 1: Foundation (weeks 1-2)

Start with the ~15 critical items:

  • Authentication & authorization basics
  • Input validation and rate limiting
  • HTTPS everywhere and basic logging
  • Error handling that doesn’t leak info

This alone blocks roughly 80% of common API attacks.

Phase 2: Hardening (weeks 3-6)

Layer on monitoring, infrastructure, and testing:

  • Anomaly detection and alerting
  • WAF deployment and network segmentation
  • Dependency scanning and pen testing
  • Basic compliance controls

Phase 3: Ongoing maintenance

Security isn’t a project with an end date:

  • Automated patching and access reviews
  • Threat modeling updates with each release
  • Security metrics tracking (MTTD, MTTR)
  • Regular audits and team training

Real-world breaches this checklist catches

  • Cisco (2024): IntelBroker exposed source code through misconfigured internal APIs. Checks 1 and 7 cover this.
  • Reddit (2023): 80GB of data exfiltrated due to weak access controls. Checks 1 and 2 address it directly.
  • MOVEit Transfer: Third-party vulnerability that cascaded across thousands of organizations. Check 8 exists because of incidents like this.

Tools and resources

Commercial platforms

  • API Security Platforms: Salt Security, Noname Security, Traceable AI, Palo Alto Prisma Cloud
  • API Gateways: Kong, Apigee, AWS API Gateway with security features
  • Testing Tools: Postman Security, Burp Suite Enterprise, OWASP ZAP

Open-source tools

  • Testing: OWASP ZAP, nuclei, sqlmap
  • Monitoring: ELK stack, Prometheus + Grafana
  • Security Libraries: Helmet.js, express-rate-limit, joi validation
