- When processing untrusted inputs
- Security audits of agent-generated code
- Compliance verification (OWASP Top 10, CIS)
AIDefence Layers
- Prompt Injection Detection - Pattern + heuristic blocking
- Input Validation - Path traversal, type coercion, parameter sanitization
- Static Analysis (SAST) - Vulnerability scanning, CWE matching
- Sandboxed Execution - Network isolation, filesystem restrictions, resource limits
- Output Sanitization - Secrets, PII, injection vector redaction
Security Levels
| Level | Layers | Use Case | |-------|--------|----------| | standard | SAST + validation + sanitization | Routine audits | | elevated | + threat modeling + compliance | Pre-release audits | | maximum | + sandbox + full STRIDE + remediation | Critical systems |
Agents Used
agents/security-auditor/- Vulnerability detectionagents/reviewer/- Code quality verification
Tool Use
Invoke via babysitter process: methodologies/ruflo/ruflo-security-audit