---
Top 10 AI Agent Security and Governance Controls (OWASP style list)
---

### 1. Agent discovery & inventory (continuous)

### 2. Treat agents as first-class identities (traditional IAM will not work; least privilege, JIT)

### 3. Scoped data access & information governance

### 4. Runtime enforcement & guardian agents

### 5. Observability, audit trails and explainability

### 6. Policy-as-code, escalation rules and HITL frameworks

### 7. Secure supply chain & model integrity

### 8. Ephemeral execution & environment isolation
**[<mark style="background-color:yellow;">AI Agent Sandboxing and Isolation</mark>](/security/AI_Agent_Sandboxing_Containers_vs_WASM_vs_Kernel-Level_Isolation.md)** :thumbsup:

### 9. Continuous security testing & adversarial evaluation

### 10. FinOps, metering and governance for cost & risk
