Playbook Updated January 2026

Agentic CI/CD Security Playbook

Secure AI agents in CI/CD workflows against prompt injection, secret exposure, and unsafe execution.

Threat Model

  • Untrusted repo content: anything an outside contributor can write and the agent will read, including issue text, PR titles and comments, commit messages, documentation, and CI logs; any of it can carry injected instructions.
  • Privileged automation: agents that hold secrets or can drive build tools, package publishing, or deployments, so an injected instruction runs with those rights.
  • External channels: notifications, HTTP tools, or dependency fetches through which a compromised agent can exfiltrate data.

Core Controls

  • Isolation: run agents in a sandboxed job with no secrets in its environment; broker privileged actions through a separate step that validates the request.
  • Token scoping: issue short-lived, least-privilege tokens per task (read-only unless the task needs more), never a long-lived personal token.
  • Action gating: require human approval before agent output can trigger deployments, releases, or changes to workflow files.
  • Output controls: scan and redact secret-shaped strings and the job's known secret values before the agent posts comments or logs, and treat any match as an incident signal, not just a cleanup.

Detection and Monitoring

  • Alert on tool calls outside the task's allowlist and on the same call repeated many times (a loop or a probe).
  • Monitor for reads of sensitive paths (.env files, keys, secrets files) and for read volume well beyond what a review needs.
  • Track agent output for sensitive values and redaction failures; exact-value masking misses base64 or otherwise transformed copies of a secret.
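The output control above and the redaction-failure tracking in this section come down to one guard step: scan what the agent is about to post, redact both credential-shaped strings and the job's own secret values (including their base64 forms), and report a hit so the job can fail or alert. The block below is an added example for this playbook, not code from the page's author or product. The token prefixes follow the providers' documented formats, the minimum secret length is a policy choice, and the sample comment is constructed.

```python
"""Output guard for agent-generated text: redact credential-shaped strings and
the runner's own secret values before anything is posted to a comment or log.
Added example for this playbook, not the page's or product's code. Pattern
prefixes follow publicly documented token formats; sample input is constructed."""
import base64
import re

# Credential formats with a recognisable public prefix. Treat as a starting
# point: add your own internal token formats and keep the list versioned.
SECRET_PATTERNS = [
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}")),
    ("github_fine_grained_pat", re.compile(r"\bgithub_pat_[A-Za-z0-9_]{60,}")),
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")),
    ("slack_token", re.compile(r"\bxox[abpr]-[A-Za-z0-9-]{10,}")),
    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")),
    ("private_key", re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----[\s\S]*?"
        r"-----END (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    ("bearer_header", re.compile(r"(?i)authorization:\s*bearer\s+[A-Za-z0-9._~+/=-]{16,}")),
]

# Policy choice (assumption): values shorter than this are rejected when the
# secret is defined, because masking a 3-character value would shred normal text.
MIN_SECRET_LEN = 8


def encoded_forms(value: str) -> list[str]:
    """Forms a leaked secret commonly takes in output: raw and base64.
    Exact-value masking alone misses the encoded copies."""
    raw = value.encode()
    forms = [value, base64.b64encode(raw).decode(), base64.urlsafe_b64encode(raw).decode()]
    return list(dict.fromkeys(forms))  # dedupe, keep order


def redact(text: str, known_secrets=()) -> tuple[str, list[str]]:
    """Return (redacted_text, labels_found). Known values are handled before
    patterns so a secret of unknown shape is still caught."""
    found: list[str] = []
    out = text
    for value in known_secrets:
        if len(value) < MIN_SECRET_LEN:
            continue
        for form in encoded_forms(value):
            if form in out:
                found.append("known_secret")
                out = out.replace(form, "[REDACTED:known_secret]")
    for label, pat in SECRET_PATTERNS:
        out, n = pat.subn(f"[REDACTED:{label}]", out)
        found.extend([label] * n)
    return out, found


def guard_output(text: str, known_secrets=()) -> tuple[str, bool]:
    """Decision for the CI step. Policy: always redact, and report leaked=True
    so the job can fail or raise an alert; a silently cleaned comment hides
    that the agent reached a secret at all."""
    redacted, found = redact(text, known_secrets)
    return redacted, bool(found)


# Constructed sample: an agent echoing its environment into a PR comment.
# AKIAIOSFODNN7EXAMPLE is AWS's documented example key id, not a live credential.
SAMPLE_COMMENT = (
    "Review done. I dumped the environment while debugging:\n"
    "GITHUB_TOKEN=ghp_" + "A" * 36 + "\n"
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    "Otherwise the change looks fine."
)

if __name__ == "__main__":
    text, leaked = guard_output(SAMPLE_COMMENT, known_secrets=("deploy-pass-hunter2",))
    print(text)
    print("leaked:", leaked)
```

Run the guard on every string the agent hands to a comment, issue, or log sink, and feed the `known_secrets` argument from the same secret store the job uses; the patterns catch foreign credentials the agent found in the repo, the known values catch the job's own.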

Implementation Checklist

Process

  • Define which tasks can be automated with agents.
  • Require review for changes that touch CI/CD workflows.
  • Separate agent responsibilities across build and release stages.

Technical

  • Use a dedicated identity and token per agent task so its actions are attributable and revocable without touching other automation.
  • Default to read-only; grant write scope only to the specific step that needs it.
  • Log every tool call with its arguments and result size, and keep the log where the agent cannot read or alter it.
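The alerting and monitoring rules in Detection and Monitoring, and the "log and audit all tool calls" item above, become concrete once every tool call lands in an audit log as one record. The block below is an added example for this playbook, not code from the page's author or product: it runs a small rule set (tool allowlist, sensitive paths, outbound hosts, repeated identical calls, total read volume) over newline-delimited JSON records. The record fields, the per-task policy, and the sample log are all constructed assumptions; adapt them to what your agent runtime emits.

```python
"""Detection rules over an agent's tool-call audit log. Added example for this
playbook, not the page's or product's code. Record fields (id, tool, args,
bytes_read), the task policy, and the sample log are assumptions."""
import json
from collections import Counter
from urllib.parse import urlparse

# What a code-review agent is expected to do. The sandbox should enforce this;
# these rules tell you when it did not, or when the policy was too loose.
POLICY = {
    "review": {
        "allowed_tools": {"read_file", "search_code", "post_comment"},
        "allowed_hosts": {"api.github.com"},
        "max_bytes_read": 2_000_000,   # a review should not need the whole repo
        "max_repeats": 5,              # same tool+args beyond this is a loop or a probe
        "sensitive_path_markers": (".env", ".pem", "id_rsa", "secrets"),
    }
}


def parse_log(ndjson: str) -> list[dict]:
    """One JSON object per line; blank lines ignored."""
    return [json.loads(line) for line in ndjson.splitlines() if line.strip()]


def analyze_run(records: list[dict], task: str) -> list[dict]:
    """Return alerts for one run, in the order the evidence appears."""
    pol = POLICY[task]
    alerts: list[dict] = []
    total_read = 0
    repeats: Counter = Counter()
    for r in records:
        tool, args = r.get("tool"), r.get("args", {})
        repeats[(tool, json.dumps(args, sort_keys=True))] += 1
        total_read += int(r.get("bytes_read", 0))
        if tool not in pol["allowed_tools"]:
            alerts.append({"rule": "unexpected_tool", "tool": tool, "call_id": r.get("id")})
        path = args.get("path", "")
        if any(m in path for m in pol["sensitive_path_markers"]):
            alerts.append({"rule": "sensitive_path", "path": path, "call_id": r.get("id")})
        url = args.get("url")
        if url:
            host = urlparse(url).hostname or ""
            if host not in pol["allowed_hosts"]:
                alerts.append({"rule": "outbound_to_unlisted_host", "host": host,
                               "call_id": r.get("id")})
    # Repeats and volume are per-run properties, so they are judged after the loop.
    for (tool, args_key), n in repeats.items():
        if n > pol["max_repeats"]:
            alerts.append({"rule": "repeated_call", "tool": tool, "args": args_key, "count": n})
    if total_read > pol["max_bytes_read"]:
        alerts.append({"rule": "large_read_volume", "bytes": total_read})
    return alerts


# Constructed sample run: a review agent that drifts into reading secrets,
# running a shell, posting to an outside host, and hammering one file.
SAMPLE_LOG = "\n".join(
    [
        '{"id":1,"tool":"read_file","args":{"path":"src/app.py"},"bytes_read":4200}',
        '{"id":2,"tool":"search_code","args":{"q":"TODO"},"bytes_read":900}',
        '{"id":3,"tool":"read_file","args":{"path":".env"},"bytes_read":310}',
        '{"id":4,"tool":"shell","args":{"cmd":"env"},"bytes_read":0}',
        '{"id":5,"tool":"http_get","args":{"url":"https://paste.example.net/up"},"bytes_read":0}',
        '{"id":6,"tool":"read_file","args":{"path":"db/dump.sql"},"bytes_read":2400000}',
        '{"id":7,"tool":"post_comment","args":{"body":"LGTM"},"bytes_read":0}',
    ]
    + [
        '{"id":%d,"tool":"read_file","args":{"path":"secrets.yaml"},"bytes_read":200}' % i
        for i in range(8, 15)
    ]
)

if __name__ == "__main__":
    for alert in analyze_run(parse_log(SAMPLE_LOG), "review"):
        print(json.dumps(alert))
```

Run it per workflow run as a post-step, or stream the records into your SIEM and express the same five rules there; the point is that the policy lives in one place and the sandbox's allowlist and this detector are derived from it.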

Incident Response Checklist

  1. Disable agentic workflows on affected repos and cancel any in-flight runs.
  2. Preserve run logs and tool-call audit trails, then rotate every secret and token the agent could have read.
  3. Review logs for unauthorized actions during the window: commits, merged PRs, published packages, deployments, and outbound requests.
  4. Identify the injection source (the issue, comment, or file the agent read), harden prompts and tool policies, and add a detection for that pattern.

Need CI/CD Protection?

AARSM can enforce runtime guardrails for AI agents in build and release pipelines.