Context
This issue follows from #1 (How to adapt architecture practice & security with AI and Agentic AI).
The current ai-commands toolkit covers AI/ML adoption through caf.tech-principles (Symbiotic coupling principle), caf.ops-digital (AI/ML investment plan), and caf.ops-readiness (security checklist). However, none of these commands specifically address the security challenges introduced by agentic AI systems — systems where an AI model takes autonomous actions, calls tools, and operates across trust boundaries.
Problem
Agentic AI introduces a new class of architectural security concerns that existing CAF practices do not yet cover:
- Prompt injection — malicious inputs that hijack agent behaviour
- Tool misuse — agents calling APIs or executing code in unintended ways
- Data exfiltration — agents leaking sensitive data through tool calls or outputs
- Loss of human oversight — autonomous action chains that bypass review gates
- Supply chain risks — MCP servers, plugins, and third-party tools introduced into the agent loop
- Non-determinism — probabilistic outputs that break traditional security assumptions
These risks need to be assessed and documented as part of architecture practice, not treated as an afterthought.
Proposed command: caf.tech-ai-security
A new command that produces an Agentic AI Security Assessment — a structured threat model and architectural controls checklist for systems that include AI agents, LLMs in production, or AI-assisted automation.
Expected output: technology/ai-security-assessment.md
Scope:
- Threat model for the agentic system in scope (inputs, tools, outputs, trust boundaries)
- Assessment against OWASP LLM Top 10
- Alignment with NIST AI Risk Management Framework (AI RMF)
- Human oversight mechanisms — where are the review gates, and are they sufficient?
- Fitness function candidates for AI-specific NFRs (response consistency, hallucination rate, tool call audit trail)
- Architectural controls per threat (input validation, output filtering, rate limiting, audit logging, kill switch)
- RAG (Red/Amber/Green) status for the Architecture Review Board
References to incorporate:
How to contribute
See CONTRIBUTING.md for the command template and file naming convention.
The command file should be placed at:
.claude/commands/caf.tech-ai-security.md
Please open a Pull Request referencing this issue.
Acceptance criteria