AI agent security checklist

A security checklist for evaluating AI agents that use tools, customer data, phone calls, workflows, repositories, or business systems. Built for operators, security reviewers, engineering teams, and founders.

Template sections

Use this as a working document.

Access control

  • Role-based user access
  • Scoped integration credentials
  • Human approval for sensitive actions
  • Environment separation
  • Least-privilege tool permissions

Data handling

  • Transcript retention policy
  • Recording retention policy
  • PII handling
  • Deletion workflow
  • Export controls

Operational safety

  • Action logs
  • Failure visibility
  • Escalation rules
  • Audit trail
  • Incident review process

Copy-ready outline

Access control
- [ ] Role-based user access
- [ ] Scoped integration credentials
- [ ] Human approval for sensitive actions
- [ ] Environment separation
- [ ] Least-privilege tool permissions

Data handling
- [ ] Transcript retention policy
- [ ] Recording retention policy
- [ ] PII handling
- [ ] Deletion workflow
- [ ] Export controls

Operational safety
- [ ] Action logs
- [ ] Failure visibility
- [ ] Escalation rules
- [ ] Audit trail
- [ ] Incident review process

Next step

Turn the template into an agent workflow.

Hyper can turn this checklist into an inspectable agent workflow with instructions, tool calls, review states, transcripts, recordings when voice is involved, and operator-visible proof.
