Security Agent
Overview
| Field | Value |
|---|---|
| Agent ID | security-agent |
| SDLC Stage | Stage 5: Security and Compliance |
| Human Owner | Security Engineer |
| Role Guide | Security Engineer Guide |
| Prompt Template | prompt-library/by-role/security-engineer/security-review-and-remediation.md |
| Contract Version | 1.0.0 |
| Status | Active |
What This Agent Does
The security-agent is a critical safety gate. It runs automated security scans, threat models AI-specific attack surfaces, and produces a merge-blocking decision. Given that AI-generated code has a 2.74x higher vulnerability rate, this agent's role is essential.
Core responsibilities:
- SAST execution — Run static application security testing on all code changes
- DAST coordination — Trigger dynamic testing for API endpoints and web interfaces
- SCA/dependency scanning — Check all dependencies for known CVEs and license violations
- Threat modeling — Assess AI-specific attack surfaces (prompt injection, hallucinated APIs, insecure defaults)
- Finding classification — Categorize findings by severity (critical/high/medium/low) with remediation guidance
- Merge decision — Issue APPROVE, BLOCK, or CONDITIONAL with specific blocking findings
Agent Contract
```yaml
agent_id: security-agent
contract_version: 1.0.0
role_owner: security-engineer
allowed_inputs:
  - code-patch-with-tests
  - dependency-manifest
  - architecture-constraints
  - threat-model-context
  - previous-scan-history
allowed_outputs:
  - sast-scan-results
  - dast-scan-results
  - sca-scan-results
  - threat-model-assessment
  - finding-classifications
  - merge-decision
  - remediation-guidance
forbidden_actions:
  - bypass-scan-failures        # Failed scans block the pipeline
  - waive-critical-findings     # Critical/high findings require human Security Engineer
  - modify-source-code          # Security agent reports; developer-agent fixes
  - access-production-secrets   # Staging secrets only
  - disable-security-tools      # Security tooling is non-negotiable
  - self-approve-exceptions     # All exceptions require human approval
required_checks:
  - sast-scan-completed
  - dependency-scan-completed
  - no-unresolved-critical-findings
  - threat-model-reviewed
  - license-compliance-verified
handoff_targets:
  - agent: compliance-agent
    artifact: security-scan-results
    condition: scanning-complete
  - agent: developer-agent
    artifact: vulnerability-details
    condition: finding-requires-fix   # Rework routing
escalation_path:
  approver_role: security-engineer
  triggers:
    - critical-finding-detected
    - high-finding-detected
    - new-attack-surface-identified
    - dependency-with-known-exploit
    - license-violation-detected
```
System Prompt Blueprint
You are security-agent for [PROJECT_NAME].
Your role: Run security scans, threat model AI-specific risks, and
produce a merge-blocking decision for code changes.
Security tooling:
- SAST: [YOUR_SAST_TOOL]
- DAST: [YOUR_DAST_TOOL]
- SCA: [YOUR_SCA_TOOL]
Contract boundaries:
- You MUST NOT bypass failed scans
- You MUST NOT waive critical or high findings
- You MUST NOT modify source code (report findings; developer fixes)
- You MUST NOT access production secrets
- You MUST escalate all critical/high findings to human Security Engineer
For every code patch you receive, produce:
1. SAST scan results with finding details
2. SCA/dependency scan with CVE and license status
3. AI-specific threat model (hallucinated APIs, insecure defaults, prompt injection vectors)
4. Finding classification (critical/high/medium/low)
5. Remediation guidance per finding
6. Merge decision:
   - APPROVE: No critical/high findings, all scans pass
   - CONDITIONAL: Medium findings with documented risk acceptance
   - BLOCK: Critical/high findings must be resolved
Critical and high findings ALWAYS escalate to human Security Engineer.
Reference: prompt-library/by-role/security-engineer/security-review-and-remediation.md
Standards: PRD-STD-004 (Security Scanning), PRD-STD-008 (Dependencies)
Handoff Specifications
Receives From (Upstream)
| Source | Artifact | Trigger |
|---|---|---|
| developer-agent | Code patch with dependency manifest | Gate 3 passed (parallel with qa-agent) |
Sends To (Downstream)
| Target | Artifact | Condition |
|---|---|---|
| compliance-agent | Security scan results with finding classifications | All scans complete |
| developer-agent (rework) | Vulnerability details with remediation guidance | Blocking finding found |
Gate Responsibilities
This agent co-owns Gate 5 with compliance-agent:
| Criterion | How This Agent Satisfies It |
|---|---|
| SAST scan completed with no unresolved critical findings | Executes SAST and classifies findings |
| Dependency scan passed (no critical CVEs, license compliant) | Runs SCA scan |
| Threat model reviewed for AI-specific attack surfaces | Produces AI-specific threat assessment |
| Human security sign-off for critical/high findings | Escalates to Security Engineer |
Trust Level Progression
| Level | Duration | What Changes |
|---|---|---|
| Level 0 | 3 weeks / 20 runs | Security Engineer reviews all findings and decisions |
| Level 1 | 8 weeks / 50 runs | APPROVE auto-proceeds when no critical/high findings; human reviews medium findings |
| Level 2 | 16 weeks / 100 runs | APPROVE auto-proceeds for Tier 1-2; human reviews only critical/high |
| Level 3 | Never for critical findings | Critical and high findings always require human Security Engineer |
Critical findings never reach autonomous approval. This is a non-negotiable safety boundary.
Environment Scope
| Environment | Access | Allowed Actions |
|---|---|---|
| Development | None | Does not operate in Development |
| Staging | Full | Run scans, classify findings, produce merge decisions |
| Production | None | Does not operate in Production |
Implementation Guide
Step 1: Configure Security Scanning Tools
```yaml
security_tools:
  sast:
    tool: "semgrep"              # or SonarQube, Checkmarx, etc.
    config: ".semgrep.yml"
    severity_threshold: "high"   # Block on high and above
  sca:
    tool: "snyk"                 # or Dependabot, OWASP Dependency-Check
    config: ".snyk"
    cvss_threshold: 7.0          # Block on CVSS 7.0+
  dast:
    tool: "zap"                  # or Burp Suite, Nuclei
    target: "staging-url"
    scan_type: "baseline"
  license:
    tool: "license-checker"
    denied_licenses: ["GPL-3.0", "AGPL-3.0"]   # Customize per org policy
```
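The merge decision from the System Prompt Blueprint, wired to the Step 1 thresholds, as an added example that is not the page's or any project's code. The Finding fields, treating CVSS 7.0+ CVEs and denied-license hits as high, and blocking on medium findings that lack documented risk acceptance are assumptions of this example.

```python
# Added example, not the page's or any project's code: the APPROVE/CONDITIONAL/
# BLOCK gate from the blueprint plus Step 1 thresholds. Finding's fields and the
# mapping of CVSS/license hits onto severities are assumptions for this example.
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}
CVSS_THRESHOLD = 7.0                       # Step 1: block on CVSS 7.0+
DENIED_LICENSES = {"GPL-3.0", "AGPL-3.0"}  # Step 1: customize per org policy

@dataclass
class Finding:
    source: str                  # "sast", "sca" or "license"
    ident: str                   # rule id, CVE id or package (constructed)
    severity: str = "low"        # severity as reported by the tool
    cvss: float = 0.0            # SCA only
    license: str = ""            # license scan only
    known_exploit: bool = False  # SCA: a public exploit exists
    risk_accepted: bool = False  # documented risk acceptance (medium)

def effective_severity(f: Finding) -> str:
    """Tool severity, raised to at least 'high' for CVSS >= 7.0 CVEs and
    denied licenses (assumption: both count as blocking-high)."""
    hit = (f.source == "sca" and f.cvss >= CVSS_THRESHOLD) or f.license in DENIED_LICENSES
    return max(f.severity, "high", key=SEVERITY_RANK.__getitem__) if hit else f.severity

def escalation_triggers(findings: list) -> set:
    """Triggers named in the contract's escalation_path, derived from findings."""
    trig = set()
    for f in findings:
        sev = effective_severity(f)
        if sev in ("critical", "high"):
            trig.add(f"{sev}-finding-detected")
        if f.known_exploit:
            trig.add("dependency-with-known-exploit")
        if f.license in DENIED_LICENSES:
            trig.add("license-violation-detected")
    return trig

def merge_decision(findings: list) -> dict:
    """BLOCK on any critical/high; CONDITIONAL when every medium finding has
    documented risk acceptance; APPROVE when nothing remains. Assumption:
    a medium finding without documented acceptance also blocks."""
    sev = {f.ident: effective_severity(f) for f in findings}
    blocking = [i for i, s in sev.items() if s in ("critical", "high")]
    medium = [f for f in findings if sev[f.ident] == "medium"]
    if not blocking and not all(m.risk_accepted for m in medium):
        blocking = [m.ident for m in medium]  # unaccepted medium findings
    decision = "BLOCK" if blocking else "CONDITIONAL" if medium else "APPROVE"
    return {"decision": decision, "blocking": blocking,
            "escalate": escalation_triggers(findings)}
```

The returned `escalate` set maps directly onto the contract's escalation triggers, so the human Security Engineer is paged on exactly the conditions the contract lists.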
Step 2: Build the AI-Specific Threat Model
The security-agent must check for AI-unique vulnerabilities:
| AI Vulnerability | Detection Method |
|---|---|
| Hallucinated API calls | Cross-reference imports against actual available APIs |
| Insecure defaults | Check for default passwords, open permissions, disabled auth |
| Dependency confusion | Verify package names against official registries |
| Prompt injection vectors | Scan for unsanitized user input in AI-processed strings |
| Overly permissive error handling | Detect catch-all error handlers that swallow security exceptions |
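The "Hallucinated API calls" row above, implemented for Python patches as an added example (not the page's tooling): a patch's imports are cross-referenced against what is actually importable in the scan environment and against the dependency manifest the agent receives. The sample patch, the manifest, and its import-name-to-distribution layout are constructed for this example.

```python
# Added example, not the page's own tooling: Step 2 "Hallucinated API calls"
# check. Imports in the patch must resolve either in the scan environment or
# to a dependency declared in the manifest; anything else is flagged.
import ast
import importlib.util

# Constructed sample patch; "acme_jwt_helpers" is a made-up, undeclared module.
SAMPLE_PATCH = '''
import os, json
from yaml import safe_load
import acme_jwt_helpers
from requests.auth import HTTPBasicAuth
from . import local_settings
'''
# Constructed manifest: import name -> distribution name (layout is an assumption).
SAMPLE_MANIFEST = {"yaml": "PyYAML", "requests": "requests"}

def imported_modules(source: str) -> set:
    """Top-level module names imported anywhere in the patch (relative
    imports are local code, not external APIs, so they are skipped)."""
    mods = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            mods.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            mods.add(node.module.split(".")[0])
    return mods

def hallucinated_imports(source: str, manifest: dict) -> set:
    """Imports that neither resolve in this environment nor map to a declared
    dependency; these are candidates for a hallucinated or confused package."""
    def resolvable(name: str) -> bool:
        return name in manifest or importlib.util.find_spec(name) is not None
    return {m for m in imported_modules(source) if not resolvable(m)}
```

A non-empty result is a finding for the classification step, not proof of a hallucination: a legitimately new dependency shows up the same way until it is added to the manifest.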
Step 3: Configure Remediation Guidance
For each finding category, provide actionable remediation:
```yaml
remediation_templates:
  sql_injection: "Use parameterized queries. See OWASP SQLi Prevention."
  xss: "Sanitize output. Use framework-provided escaping."
  hardcoded_secret: "Move to secrets manager. Use environment variables."
  insecure_dependency: "Upgrade to patched version. Check compatibility."
```
Step 4: Set Escalation SLAs
Per the Vulnerability Response SLAs:
| Severity | Response SLA | Resolution SLA |
|---|---|---|
| Critical | 4 hours | 24 hours |
| High | 1 business day | 7 days |
| Medium | 3 business days | 30 days |
| Low | Next sprint | 90 days |
Known Limitations
- False positives — SAST tools produce false positives. The agent classifies findings but humans must triage ambiguous cases.
- DAST coverage — Dynamic testing requires a running application. Coverage depends on Staging environment configuration.
- Zero-day vulnerabilities — SCA tools only detect known CVEs. Zero-days are undetectable until disclosed.
- Business logic vulnerabilities — The agent cannot detect authorization bypass or business logic flaws that require domain knowledge.
- AI-specific detection is evolving — New AI vulnerability patterns emerge regularly. Update the threat model quarterly.
Standards Compliance
| Standard | Requirement | Evidence This Agent Produces |
|---|---|---|
| PRD-STD-004 | Security scanning requirements | SAST, DAST, SCA scan results |
| PRD-STD-008 | Dependency and license compliance | SCA report with CVE and license status |
| PRD-STD-009 | Agent governance | Contract, run records, escalation records |