AISecOps · aisecops.net

Runtime governance
and forensics
for AI agents.

AI agents now retrieve data, call tools, execute workflows, and take real actions. AISecOps provides the runtime governance layer for controlling and investigating those systems: provenance-aware replay, capability-gated execution, execution graphs, deterministic execution boundaries, structured audit logging, and replayable runtime forensics.

Explore Runtime Forensics → Read the Framework
Current OSS release: v0.7.0 · Replay Audit UI + Execution Graphs
aisecops-runtime · replay.trace
// Local / edge guard — injection precheck
{
  "event": "prompt_injection_detected",
  "severity": "high",
  "action": "blocked_before_llm",
  "tenant": "acme-corp"
}

// Runtime governance — provenance-aware evaluation
{
  "tool": "send_email",
  "phase": "evaluate",
  "capability": "cap_notification_ops",
  "decision": "BLOCK",
  "reason": "recipient_not_allowlisted",
  "correlation_id": "cid-8821"
}

// Replayable forensic event emitted
aisecops_runtime_decision_total{decision="block"} 1
jsonl persisted → replay + execution graph ✓

$ _
Framework covers
Prompt Injection Tool Abuse Memory Poisoning Capability Gates Runtime Replay Execution Graphs
The Problem

Agentic AI changed the threat model.
Most teams haven't caught up.

Enterprises are deploying AI agents that browse the web, read email, query databases, and execute code. Traditional application security was not designed for autonomous execution systems.

Before AISecOps

Your AI agent calls a tool. You see a log entry. There's no policy engine — the call either succeeds or fails at the API level. You have no visibility into what the model was instructed to do, why it chose that tool, or whether the retrieved context was clean.

With AISecOps

Every execution plan passes through a runtime control plane. Retrieved context is sanitized before the model sees it. Capability gates validate requested actions before policy evaluation. Every runtime decision emits a structured audit event. Replayable JSONL logs enable explainability, forensics, and governance.

What attackers exploit

Indirect prompt injection via RAG. Tool parameter manipulation. Memory context poisoning. Policy drift as models and prompts evolve. These are not theoretical — they have been demonstrated in production agentic systems.

What this framework provides

A layered runtime governance architecture: local enforcement, context validation, capability containment, execution governance, deterministic execution boundaries, and replayable observability. Open-source reference implementations. Enterprise adoption guidance. Threat models aligned to OWASP LLM risks.

Runtime Governance Model

Four control layers for AI agents that act.

AISecOps governs the runtime path from untrusted input to execution and replay: local guards, capability gates, deterministic execution boundaries, structured audit, and forensic reconstruction.

L1 Context — Trust Boundaries

Optional local / edge guards stop obvious injection patterns before cloud model invocation. Validate and sanitize all external data before it enters the model's context window. Treat every retrieved document, memory chunk, and tool response as untrusted input that must be inspected for injection patterns.

L2 Capability — Least-Privilege Tools

Enforce capability-gated execution and parameter validation before any external call is executed. The policy engine — not the model — decides what actions are permitted. Deny by default.

L3 Runtime Control Plane — Evaluate & Execute

Separate planning, evaluation, and execution into distinct runtime boundaries. Deterministic executors run only approved or allowed execution plans. High-risk actions require approval workflows and emit explainable audit trails.

L4 Observability — Replay & Audit

Emit structured JSONL runtime events at every decision point. Support replay, explainability, forensic reconstruction, governance analytics, and policy drift analysis across deployments.

View the Reference Architecture →
Runtime Investigation

Replayable runtime forensics for AI agents.

AISecOps reconstructs execution history from structured runtime events: execution plans, policy evaluations, provenance chains, approval flows, execution paths, and final governance outcomes.

Prompt
Plan
Evaluate
Decision
Execute
Audit
Replay
Graph
Replay Trace List

Investigate runtime decisions across traces.

Replay summaries expose runtime decisions, provenance trust levels, event counts, and execution outcomes for forensic investigation.

AISecOps replay trace list
Timeline Reconstruction

Replay execution history step-by-step.

Structured replay timelines reconstruct planning, evaluation, approval, execution, and final governance decisions in execution order.

AISecOps replay timeline
Execution Graphs

Visualize provenance-aware execution flow.

Execution graphs reconstruct causal runtime relationships between provenance sources, planning stages, policy evaluation, approvals, tool execution, and final outcomes.

AISecOps execution graph
Explore Runtime Forensics →
Featured Article

I Built a Runtime Forensics Layer for AI Agents

A deep dive into AISecOps Interceptor, runtime governance, provenance-aware replay, execution graphs, and why AI agents need forensic investigation layers once they start taking actions.

Read on Medium →
AISecOps runtime forensics execution graph
Resources

Everything is open and free.

Framework documentation, threat models, reference architecture, and working open-source code. No account required.

Definition
What Is AISecOps?

The disambiguation page — how AISecOps for agentic AI differs from legacy "AI for SecOps" definitions.

Read the definition →
Threat Model
Agentic AI Attack Surface

MCP, A2A, swarm systems — a structured threat model covering all major agentic AI attack vectors with OWASP LLM mapping.

View threat model →
Architecture
Reference Architecture

A runtime control plane blueprint: local enforcement, capability gates, execution governance, deterministic execution boundaries, and replayable audit architecture.

View architecture →
Runtime Forensics
Replayable Audit and Provenance

Runtime investigation workflows for provenance-aware replay, timeline reconstruction, execution graph analysis, and forensic review of AI agent decisions.

View runtime forensics →
Whitepaper
The AISecOps Framework

Framework document covering AISecOps foundations, runtime control planes, execution splitting, capability-gated execution, and enterprise adoption guidance.

Download →
Open Source
aisecops-interceptor

Reference implementation with replay APIs, Replay Audit UI, provenance-aware runtime events, capability-gated execution, and execution graph investigation.

View on GitHub →