Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain
Analysis Summary
# Best Practices: Securing AI-Native & Agentic Development
## Overview
These practices address the security challenges introduced by "agentic" software development—where AI agents autonomously write code, provision infrastructure, and execute CI/CD commands. They focus on maintaining visibility, enforcing guardrails, and securing the supply chain against machine-speed exploitation.
## Key Recommendations
### Immediate Actions
1. **Inventory AI Tooling:** Generate an AI-BOM (AI Bill of Materials) listing every LLM SDK and framework, AI-assisted IDE or extension (e.g., Cursor, GitHub Copilot), and model identifier in use. Source it from dependency manifests and IDE configuration in the repositories rather than from developer surveys, so it can be regenerated as code changes.
2. **Deploy IDE Guardrails:** Implement pre-commit hooks and IDE plugins (e.g., Wiz Code) to catch hardcoded secrets and misconfigured IaC at the developer's workstation, before they are committed. Local hooks can be skipped (`git commit --no-verify`) and are not present on an agent's own runner, so keep an equivalent check in CI as the enforcing control.
3. **Map Agentic Surface Area:** Identify where AI agents hold credentials or permissions to modify infrastructure, merge code, or execute CI/CD commands, and record which identity each agent acts under.
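A minimal pre-commit guard of the kind the steps above describe, written here as an added example (it is not Wiz's or the report's own code). It scans the staged version of each file for a few secret formats and, for Terraform files, a few misconfigurations, and refuses the commit on any finding. The regexes, file suffixes and rule names are illustrative assumptions; a real deployment would call a maintained scanner. The script reads the index with `git show :path`, so it checks what will actually be committed rather than the working-tree copy.

```python
#!/usr/bin/env python3
"""Pre-commit guard: refuse commits that stage hardcoded secrets or risky IaC.

Added example, not Wiz's or the report's own code. Wire it up by calling
this script from .git/hooks/pre-commit (or a pre-commit framework hook).
"""
from __future__ import annotations

import re
import subprocess
import sys

# Secret formats to block in any file. Illustrative, not exhaustive (assumption:
# these are the credential types that matter in this codebase).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Terraform misconfigurations to block; applied only to *.tf / *.tfvars files.
IAC_PATTERNS = {
    "open_ingress": re.compile(r'cidr_blocks\s*=\s*\[\s*"0\.0\.0\.0/0"\s*\]'),
    "public_bucket_acl": re.compile(r'\bacl\s*=\s*"public-read(?:-write)?"'),
    "unencrypted_storage": re.compile(r"\bencrypted\s*=\s*false\b"),
}


def scan_text(path: str, text: str) -> list[dict]:
    """Return one finding per (line, rule) match in a single file's content."""
    rules = dict(SECRET_PATTERNS)
    if path.endswith((".tf", ".tfvars")):
        rules.update(IAC_PATTERNS)
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in rules.items():
            if pattern.search(line):
                findings.append({"file": path, "line": lineno, "rule": rule})
    return findings


def staged_files() -> list[str]:
    """Paths added, copied or modified in the index (what the commit will contain)."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
        capture_output=True, text=True, check=True,
    ).stdout
    return [p for p in out.splitlines() if p]


def staged_content(path: str) -> str:
    """Read the staged blob (':path'), not the working-tree file, which may differ."""
    return subprocess.run(
        ["git", "show", f":{path}"],
        capture_output=True, text=True, errors="replace", check=True,
    ).stdout


def scan_staged() -> list[dict]:
    """Scan every staged file and collect the findings."""
    findings = []
    for path in staged_files():
        findings.extend(scan_text(path, staged_content(path)))
    return findings


if __name__ == "__main__":
    results = scan_staged()
    for f in results:
        print(f"{f['file']}:{f['line']}: blocked by rule '{f['rule']}'")
    # A non-zero exit makes git abort the commit.
    sys.exit(1 if results else 0)
```

Because the IaC rules are scoped by file suffix, the same `acl = "public-read"` string in a README is ignored while in a `.tf` file it blocks the commit; the secret rules apply everywhere, since a leaked key is a leak regardless of where it lands.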
### Short-term Improvements (1-3 months)
1. **Integrate AI-Specific SAST:** Extend Static Application Security Testing (SAST) rules with checks mapped to the **OWASP Top 10 for LLM Applications**, for example untrusted text concatenated into prompt strings (prompt injection) and model output passed to `eval`, a shell, or a database without validation (insecure/improper output handling).
2. **Enable Code-to-Cloud Linking:** Maintain an IaC inventory that maps source modules to the live cloud resources they provision, so that changes an agent makes directly to those resources, outside the IaC path, surface as drift instead of going unnoticed.
3. **Adopt MCP (Model Context Protocol):** MCP is an open standard through which an LLM application connects to external tools and data sources. Expose production security findings through an MCP server so the agent running in the developer's IDE can query the findings for the code it is editing and fix them in context. Treat such a server as a privileged integration: what it returns is content the agent will act on, and its credentials bound what the agent can read.
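An added example of the SAST rule described in the first step above (this is not Wiz's or the report's code, and it is deliberately syntactic: it flags the shapes of the two patterns without the taint tracking a real engine would add). It uses Python's `ast` module to report (a) an f-string, concatenation or `.format()` assigned to a name containing `prompt` or passed as a prompt-carrying keyword argument, and (b) any `eval()`/`exec()` call, since model output must never reach them. The rule identifiers, the keyword list, and the `VULNERABLE`/`HARDENED` snippets are constructed for this example.

```python
"""Small AST-based SAST check for two OWASP Top 10 for LLM Applications patterns.

Added example, not Wiz's or the report's code, and not a substitute for a
taint-tracking SAST engine: it flags syntactic shapes, not data flow.
"""
from __future__ import annotations

import ast

# Rule identifiers are this example's own naming (assumption), mapped to the
# OWASP categories Prompt Injection and Insecure/Improper Output Handling.
RULE_DYNAMIC_PROMPT = "prompt-injection:dynamic-prompt"
RULE_OUTPUT_EXECUTED = "output-handling:eval-exec"

# Keyword arguments that commonly carry prompt text into an LLM client call (assumption).
PROMPT_KEYWORDS = {"prompt", "system", "content", "instructions"}


def _is_str_literal(node: ast.AST) -> bool:
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _dynamic_string(node: ast.AST) -> bool:
    """True for strings assembled at runtime: f-strings, + or % on a literal, str.format()."""
    if isinstance(node, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return any(_is_str_literal(n) or _dynamic_string(n) for n in (node.left, node.right))
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format" and _is_str_literal(node.func.value)
    return False


class LLMRuleVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[tuple[int, str]] = []

    def visit_Assign(self, node: ast.Assign) -> None:
        # `prompt = f"... {untrusted} ..."`: untrusted text spliced into instructions.
        for target in node.targets:
            if (isinstance(target, ast.Name) and "prompt" in target.id.lower()
                    and _dynamic_string(node.value)):
                self.findings.append((node.lineno, RULE_DYNAMIC_PROMPT))
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        # eval()/exec() anywhere in LLM-handling code: model output must never reach them.
        if isinstance(node.func, ast.Name) and node.func.id in {"eval", "exec"}:
            self.findings.append((node.lineno, RULE_OUTPUT_EXECUTED))
        # client.complete(prompt=f"...{doc}"): the same concatenation, passed inline.
        for kw in node.keywords:
            if kw.arg in PROMPT_KEYWORDS and _dynamic_string(kw.value):
                self.findings.append((node.lineno, RULE_DYNAMIC_PROMPT))
        self.generic_visit(node)


def scan_source(source: str) -> list[tuple[int, str]]:
    """Parse Python source and return sorted (line, rule) findings."""
    visitor = LLMRuleVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


# Constructed sample: the shape the rules are meant to catch.
VULNERABLE = '''
def summarize(client, user_doc):
    prompt = f"Summarize this document:\\n{user_doc}"   # untrusted text becomes part of the instruction
    reply = client.complete(prompt)
    return eval(reply)                                 # model output executed as code
'''

# Constructed hardened form: untrusted text stays in its own message and the
# output is parsed, never executed. Injection inside the user message is still
# possible, so treating the output as untrusted is the control that matters.
HARDENED = '''
import json

def summarize(client, user_doc):
    messages = [
        {"role": "system", "content": "Summarize the document in the user message as JSON."},
        {"role": "user", "content": user_doc},
    ]
    reply = client.chat(messages)
    return json.loads(reply)
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, scan_source(src))
```

Run against `VULNERABLE` the check reports the prompt assignment on line 3 and the `eval` on line 5; `HARDENED` produces no findings. A production rule would add a source list (request parameters, retrieved documents, tool results) and follow assignments, which is what a Semgrep or CodeQL taint rule gives you over this shape-only check.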
### Long-term Strategy (3+ months)
1. **Autonomous Remediation:** Implement "Security Skills" (like Wiz Green Agent) that allow AI agents to pull security findings from a central graph and autonomously generate/apply fixes.
2. **Zero-Trust CI/CD for Agents:** Harden CI/CD pipelines against agent-driven supply chain attacks: give each automated workflow its own identity with short-lived, least-privilege credentials, keep long-lived secrets out of environments an agent can read, and require human review before agent-authored changes reach protected branches or deploy.
3. **Machine-Speed Triage:** Transition from manual vulnerability review to risk-based prioritization driven by the "Security Graph" (contextual analysis of vulnerabilities).
---
## Implementation Guidance
### For Small Organizations
- Focus on **visibility**. Start by identifying which AI extensions developers are using.
- Use free/standardized resources like the **OWASP Top 10 for LLMs** to educate the small team on AI-native risks.
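The visibility step above starts with an inventory. The following is an added example of generating one (it is not Wiz's AI-BOM tooling or the report's code): it reads dependency manifests, the workspace extension list, and quoted model identifiers from an in-memory repository snapshot and emits CycloneDX-style component objects. The recognised package, extension and model-name lists are illustrative assumptions, the `SAMPLE_REPO` contents are constructed, and the output is not validated against the CycloneDX schema.

```python
"""Build a minimal AI-BOM from dependency manifests, IDE config and model IDs.

Added example, not Wiz's or the report's code. The recognised package, extension
and model-name lists are illustrative (assumptions); the output mimics CycloneDX
component objects but is not validated against the CycloneDX schema.
"""
from __future__ import annotations

import json
import re

AI_PYTHON_PACKAGES = {"openai", "anthropic", "langchain", "langchain-core",
                      "llama-index", "transformers", "litellm", "mcp"}
AI_NPM_PACKAGES = {"openai", "@anthropic-ai/sdk", "langchain", "ai",
                   "@modelcontextprotocol/sdk"}
AI_IDE_EXTENSIONS = {"github.copilot", "github.copilot-chat", "continue.continue"}  # compared lower-case
# Quoted model identifiers in source or config files (prefix list is an assumption).
MODEL_ID = re.compile(r'["\']((?:gpt-|claude-|gemini-|llama-|mistral-)[A-Za-z0-9._-]+)["\']')
# requirements.txt line: name, optional extras, optional version specifier.
REQ_LINE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:(?:==|~=|>=|<=|!=|>|<)\s*([^\s,;#]+))?"
)


def _parse_requirements(text: str):
    """Yield (name, version-or-None) from requirements.txt lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):   # skip blanks and pip options such as -r / -e
            continue
        m = REQ_LINE.match(line)
        if m:
            yield m.group(1).lower(), m.group(2)


def build_ai_bom(files: dict[str, str]) -> dict:
    """files maps repo-relative path -> content (a tree walk fills this in practice)."""
    components: list[dict] = []
    seen: set[tuple] = set()

    def add(ctype: str, name: str, version: str | None, source: str) -> None:
        if (ctype, name, version) in seen:
            return
        seen.add((ctype, name, version))
        comp = {"type": ctype, "name": name,
                "properties": [{"name": "ai-bom:source", "value": source}]}
        if version:
            comp["version"] = version
        components.append(comp)

    for path, text in files.items():
        base = path.rsplit("/", 1)[-1]
        if base == "requirements.txt":
            for name, version in _parse_requirements(text):
                if name in AI_PYTHON_PACKAGES:
                    add("library", name, version, path)
        elif base == "package.json":
            pkg = json.loads(text)
            for section in ("dependencies", "devDependencies"):
                for name, version in pkg.get(section, {}).items():
                    if name in AI_NPM_PACKAGES:
                        add("library", name, version, path)
        elif base == "extensions.json":
            for ext in json.loads(text).get("recommendations", []):
                if ext.lower() in AI_IDE_EXTENSIONS:
                    add("application", ext, None, path)
        if path.endswith((".py", ".js", ".ts", ".yaml", ".yml")):
            for model in MODEL_ID.findall(text):
                add("machine-learning-model", model, None, path)

    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": components}


# Constructed repository snapshot for the example.
SAMPLE_REPO = {
    "requirements.txt": "fastapi==0.111.0\nopenai==1.30.0  # LLM client\nlangchain>=0.2\nrequests\n",
    "web/package.json": json.dumps({"dependencies": {"react": "^18.3.0", "@anthropic-ai/sdk": "^0.24.0"}}),
    ".vscode/extensions.json": json.dumps({"recommendations": ["GitHub.copilot", "ms-python.python"]}),
    "app/summarize.py": 'client.chat.completions.create(model="gpt-4o-mini", messages=msgs)\n',
}

if __name__ == "__main__":
    print(json.dumps(build_ai_bom(SAMPLE_REPO), indent=2))
```

Running this against `SAMPLE_REPO` yields five components: two Python libraries, one npm SDK, one IDE extension and one model. Regenerating the document on every push, rather than quarterly, is what keeps it honest when an agent adds a framework in a single commit.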
### For Medium Organizations
- Implement **IaC scanning** and **pre-commit hooks** to prevent misconfigurations from reaching the cloud.
- Establish a single source of truth by linking code repositories to the IaC state that describes the deployed resources, so that what AI agents provision is visible and attributable to the code that created it.
### For Large Enterprises
- Deploy **Agentic Remediation Tools** to handle the sheer volume of vulnerabilities that manual teams cannot keep up with.
- Require all AI-driven development to occur within sanctioned IDEs equipped with **Enterprise-grade security plugins** that provide real-time feedback.
---
## Configuration Examples
*While specific code was not provided in the text, the following configurations are recommended based on the cited Wiz capabilities:*
* **Pre-commit Hook Example (Generic):**
  A `.git/hooks/pre-commit` script that runs the scanner on the staged files and exits non-zero on findings, which makes git abort the commit. The report describes the command as `wiz-cli scan --iac --secrets`; the command name and flags are illustrative here and should be checked against the installed CLI's documentation before the hook is rolled out.
* **LLM Security Rule Mapping:**
  Configure SAST rules to flag two patterns: untrusted text (user input, retrieved documents, tool results) concatenated or formatted into a prompt string, which is the path for direct and **Indirect Prompt Injection**; and model output passed to `eval()`, `exec()`, a shell, or a query builder, which is insecure output handling.
* **IaC Drift Detection:**
  Run drift detection on a schedule for resources tagged `managed-by: ai-agent` (for Terraform, `terraform plan -detailed-exitcode` returns exit code 2 when the live state differs from the configuration) and alert on the diff. Cloud providers do not compare resources against a repository's state file themselves; pair the scheduled plan with the provider's configuration-change events (e.g., CloudTrail or AWS Config) filtered on the same tag to catch changes made between runs.
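An added example of the drift check described under "IaC Drift Detection" (not Wiz's or the report's code, and independent of the `terraform plan` route): it reads a Terraform state document (state format version 4) and a live inventory keyed by resource ID, and reports three conditions for resources tagged `managed-by: ai-agent`: an attribute that differs from state, a resource present in state but gone from the cloud, and a cloud resource carrying the tag that no state file knows about (the case where an agent provisioned directly through the cloud API). The `DRIFT_ATTRIBUTES` table, the assumption that a collector has normalised live data into Terraform attribute names, and the `SAMPLE_STATE`/`SAMPLE_LIVE` documents are all constructed for this example.

```python
"""Drift check for cloud resources an AI agent provisioned through IaC.

Added example, not Wiz's or the report's code. Reads a Terraform state document
(format version 4) plus a live inventory keyed by resource ID and reports drift
for resources tagged managed-by: ai-agent.
"""
from __future__ import annotations

import json

AGENT_TAG = ("managed-by", "ai-agent")

# Attributes worth comparing per resource type (assumption: the live inventory
# has already been normalised into Terraform attribute names by a collector).
DRIFT_ATTRIBUTES = {
    "aws_s3_bucket": ("acl",),
    "aws_security_group": ("ingress",),
}


def _agent_tagged(attrs: dict) -> bool:
    key, value = AGENT_TAG
    return attrs.get("tags", {}).get(key) == value


def _managed_instances(state: dict):
    """Yield (type, address, attributes) for every managed instance in the state."""
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue
        for inst in res.get("instances", []):
            yield res["type"], f'{res["type"]}.{res["name"]}', inst.get("attributes", {})


def agent_managed_resources(state: dict) -> list[dict]:
    """Managed instances whose tags mark them as provisioned by an AI agent."""
    return [{"type": rtype, "address": address, "attributes": attrs}
            for rtype, address, attrs in _managed_instances(state) if _agent_tagged(attrs)]


def detect_drift(state: dict, live: dict[str, dict]) -> list[dict]:
    """Compare state against live; `live` maps resource ID -> attributes including tags."""
    findings: list[dict] = []
    state_ids = {attrs.get("id") for _, _, attrs in _managed_instances(state)}
    for res in agent_managed_resources(state):
        rid = res["attributes"]["id"]
        actual = live.get(rid)
        if actual is None:
            findings.append({"kind": "missing", "address": res["address"], "id": rid})
            continue
        for attr in DRIFT_ATTRIBUTES.get(res["type"], ()):
            expected, observed = res["attributes"].get(attr), actual.get(attr)
            if expected != observed:
                findings.append({"kind": "changed", "address": res["address"], "id": rid,
                                 "attribute": attr, "expected": expected, "actual": observed})
    # Agent-tagged resources in the cloud but in no state file: created outside the IaC path.
    for rid, attrs in live.items():
        if rid not in state_ids and _agent_tagged(attrs):
            findings.append({"kind": "unmanaged", "address": None, "id": rid})
    return findings


# Constructed Terraform state (format version 4) for the example.
SAMPLE_STATE = {
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_s3_bucket", "name": "reports",
         "instances": [{"attributes": {"id": "acme-reports", "acl": "private",
                                       "tags": {"managed-by": "ai-agent"}}}]},
        {"mode": "managed", "type": "aws_security_group", "name": "api",
         "instances": [{"attributes": {"id": "sg-0123456789abcdef0",
                                       "ingress": [{"from_port": 443, "cidr_blocks": ["10.0.0.0/8"]}],
                                       "tags": {"managed-by": "ai-agent"}}}]},
        {"mode": "managed", "type": "aws_s3_bucket", "name": "logs",
         "instances": [{"attributes": {"id": "acme-logs", "acl": "private",
                                       "tags": {"managed-by": "platform-team"}}}]},
    ],
}

# Constructed live inventory, as a collector would return it.
SAMPLE_LIVE = {
    "acme-reports": {"acl": "public-read", "tags": {"managed-by": "ai-agent"}},   # changed after apply
    "sg-0123456789abcdef0": {"ingress": [{"from_port": 443, "cidr_blocks": ["10.0.0.0/8"]}],
                             "tags": {"managed-by": "ai-agent"}},
    "acme-logs": {"acl": "private", "tags": {"managed-by": "platform-team"}},
    "sg-0fedcba9876543210": {"ingress": [], "tags": {"managed-by": "ai-agent"}},  # in no state file
}

if __name__ == "__main__":
    print(json.dumps(detect_drift(SAMPLE_STATE, SAMPLE_LIVE), indent=2))
```

On the constructed data the check reports the reports bucket whose ACL went from `private` to `public-read` and the security group that exists only in the cloud; the human-managed logs bucket is ignored. The "unmanaged" case is the one `terraform plan` never shows, because a resource that is in no state file is invisible to the plan.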
---
## Compliance Alignment
- **OWASP Top 10 for LLM Applications:** Specifically addressing prompt injection and insecure outputs.
- **OWASP Top 10 for Agentic Applications:** Focuses on unsafe agent behavior and autonomous action risks.
- **NIST AI RMF:** Aligning with AI risk management frameworks for governing model use.
- **CIS Benchmarks:** Ensuring IaC generated by AI meets industry standard hardening.
---
## Common Pitfalls to Avoid
- **"Agent Blindness":** Assuming standard CI/CD security covers AI agent actions. Agents often run with broader permissions than the task needs, and a single prompt-injected tool call can turn those permissions into a supply chain change.
- **Contextless Findings:** Providing developers with security alerts that lack "Code-to-Cloud" context, leading to alert fatigue.
- **Static Inventory:** Relying on quarterly audits for AI software when agents can introduce new dependencies and frameworks in minutes.
---
## Resources
- **OWASP Top 10 for LLM Applications:** hxxps://owasp[.]org/www-project-top-10-for-llm-applications-large-language-models/
- **Wiz AI-BOM Documentation:** hxxps://www[.]wiz[.]io/academy/ai-security/ai-bom-ai-bill-of-materials
- **Model Context Protocol (MCP):** [Open standard for AI tool communication]
- **Wiz Green Agent:** [Autonomous remediation tool for AI native development]