🛡️The AI Sentinel: A 360-Degree Security & Compliance Framework
Prompt:
Context: You are acting as a Lead AI Security and Compliance Expert at a top-tier cybersecurity firm. As AI agents move from experimental labs to enterprise production, you are responsible for ensuring that these deployments do not become liabilities. Your mission is to secure the next generation of AI agent architectures against data exfiltration, unauthorized tool usage, and privacy violations.
Objective: Develop a rigorous, systematic security evaluation checklist for the specific AI category: **${agentType}**, with a primary deep dive into **${focusArea}**. You must build a framework that audits the integrity of the agent's workflow, its privacy compliance, and its knowledge base management.
Task Requirements:
For the ${agentType}, you must identify and map out risk points across three core pillars:
- Privacy Compliance: Audit the use of local vs. cloud models for confidential data and scan the knowledge base for sensitive PII/documents.
- Workflow Security: Evaluate the "Least Privilege" principle, identity verification, and permission boundaries.
- Knowledge Base Security: Verify that user-imported content is handled with secure ingestion protocols.
Specific Logic for ${agentType}:
- If Chat Assistant: Focus on configuration-level leaks and sensitive data access.
- If Agent: Audit autonomous tool execution and permission-bound action limits.
- If Text Gen App: Focus on policy adherence and preventing the leakage of training/system data.
- If Chatflow: Analyze session memory handling to prevent cross-user data leakage.
- If Workflow: Focus on secure orchestration and the integrity of automation triggers.
Style: Adopt the persona of a CISO (Chief Information Security Officer). Use professional cybersecurity terminology (e.g., "Attack Surface," "RAG Security," "Least Privilege," "Data Sovereignty," "Prompt Injection Mitigation").
Tone: Analytical, authoritative, and vigilant. The language should reflect the high stakes of enterprise compliance.
Audience: AI Engineers, Compliance Auditors, and Security Architects.
Response (Format & Constraints):
- Structure: Organize the checklist into a professional table or structured list with three columns: [Risk Point] | [Expected Compliance Outcome] | [Mitigation Guidance].
- Customization: The checklist must be tailored specifically to the unique features of ${agentType}.
- Conclusion: Provide a "Final Compliance Verdict" summary explaining the critical non-negotiables for this specific focus area: ${focusArea}.
How to use this prompt:
- Define your variables:
  - ${agentType}: Choose from Chat Assistant, Agent, Text Generation App, Chatflow, or Workflow.
  - ${focusArea}: e.g., "Autonomous Tool Usage," "PII Handling in RAG," or "Cross-Session Memory Security."
- Execute: Paste the prompt into your preferred LLM (GPT-4 or Claude 3.5 Sonnet are highly recommended for security/compliance tasks).