Agentic AI Security & Runtime Review

Review what the system can do, not only what it can say.

DDAI assesses the action surface of tool-using and agentic systems: identities, permissions, workflow states, external effects, human authority, failure routes, and the evidence needed to reconstruct a consequential action.

The problem

The risk changes when the system can alter external state.

A text response may be wrong. A tool-using system can send a message, change a record, trigger a payment, modify code, approve a workflow, or pass authority to another component. The control question is therefore not only whether the model produced a good answer. It is whether the system had permission, whether it had authority, whether a human should have approved the action, and whether independent evidence exists.

Review areas

Intended purpose and action inventory

Non-human identities

Tool and data access

Least-privilege permissions

Planning and execution separation

Workflow states and retry behaviour

Multi-agent delegation

Prompt injection and indirect instruction risk

Sensitive-data exposure

Human approval and override

Monetary, rate, and impact limits

External execution receipts

Monitoring, incident, and kill-switch design

Runtime policy and decision evidence

Change and drift triggers

Delivery sequence

1. Scope and written authorisation

2. Architecture, action, and evidence review

3. Controlled defensive testing where agreed

4. Findings, severity, and business impact

5. Remediation and retest

6. Runtime-evidence and Evidary roadmap

Deliverables

Action and tool inventory

Identity, permission, and authority map

Threat and failure model

Human-oversight gap analysis

Runtime policy and evidence requirements

Findings and remediation report

Retest record where contracted

Procurement or governance summary

Evidary-ready runtime evidence design

Evidary Governance Harness boundary

Where a recurring evidence workflow is justified, transition planning can be scoped separately with Evidary. The review remains provider-neutral, and no evaluator replaces accountable human judgement.

Govern the action chain, not only the model.

DDAI can help you connect business value, technical implementation, human oversight, and governance evidence from day one.

Review a tool-using system