If you're building AI agents and trying to sell into enterprise, you've probably hit the wall: the 40-page security questionnaire that asks about logging, access control, data residency, and adversarial testing - none of which you thought about while building the product.
I have compiled the 28 items that come up in nearly every enterprise security review, mapped to the frameworks that drive them: EU AI Act, SOC 2 Type II, ISO 42001, and NIST AI RMF.
The short version
- Logging & audit trail
  1. Log every prompt, response, and tool call with timestamps
  2. Capture the full decision chain, not just input/output
  3. Include threat detection metadata in every log entry
  4. Retain for 6+ months (EU AI Act Article 12 minimum)
  5. Tamper-evident storage (append-only, checksums, or WORM)
  6. Log all admin actions (key creation, permission changes, config updates)
- Access control
  7. Auth on every endpoint, including dev environments
  8. Role-based access - read-only users should not trigger destructive tool calls
  9. Scope API keys to specific capabilities
  10. Rotate credentials on a defined schedule
  11. Track and alert on authentication failures
- Data handling
  12. Classify what data categories flow through your agent
  13. Don't persist sensitive data beyond the session without documented need
  14. Scan agent outputs for secret leakage (AWS keys, JWTs, connection strings)
  15. Document your data processing pipeline and third-party processors
  16. Implement data residency controls for EU customers
- Security testing
  17. Run adversarial testing before every release. Secra Simulate fires 64 attacks across 10 categories in 60 seconds - free, no signup for your first scan
  18. Document testing methodology and results (auditors want evidence, not assertions)
  19. Maintain a vulnerability disclosure process
  20. Track and patch dependencies - keep a software bill of materials
  21. Test tool/MCP integrations as separate attack surfaces
- Runtime protection
  22. Deploy input scanning on every user message
  23. Monitor for anomalous usage patterns with alerts, not just dashboards
  24. Rate limit all public endpoints (per user, per key, per endpoint)
  25. Have a kill switch that gets you to zero traffic in under 60 seconds
- Incident response
  26. Write an AI-specific incident response plan covering prompt injection, data exfiltration, and tool compromise scenarios
  27. Define severity levels for AI security incidents
  28. Run tabletop exercises with your team
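The logging items above (timestamped prompt/response/tool-call entries, threat-detection metadata on every entry, tamper-evident storage via checksums) in working form, as an added example that is not part of the original post: each entry's SHA-256 covers the previous entry's hash, so editing or deleting any record breaks the chain, and verify() reports where. The field names and the shape of the threat metadata are assumptions, not a standard.

```python
import hashlib
import json
import time
from typing import Optional, Tuple

GENESIS = "0" * 64  # prev-hash of the very first entry


def _entry_hash(prev_hash: str, body: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so the digest is reproducible.
    payload = prev_hash + json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only, hash-chained log of agent events (prompt, response, tool_call, admin)."""

    def __init__(self) -> None:
        self.entries: list = []

    def append(self, kind: str, session: str, actor: str, data: dict,
               threat: Optional[dict] = None, ts: Optional[float] = None) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {
            "seq": len(self.entries),            # position in the decision chain
            "ts": time.time() if ts is None else ts,
            "kind": kind,                        # prompt | response | tool_call | admin
            "session": session,
            "actor": actor,                      # who/what produced the event
            "data": data,                        # prompt text, tool name + args, etc.
            # Threat-detection metadata is mandatory per entry; empty means "scanned, nothing flagged".
            "threat": threat if threat is not None else {"flags": [], "score": 0.0},
        }
        entry = {**body, "prev": prev, "hash": _entry_hash(prev, body)}
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, int]:
        """Recompute the chain. Returns (True, -1) or (False, index of first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k not in ("prev", "hash")}
            if e["prev"] != prev or e["hash"] != _entry_hash(prev, body):
                return False, i
            prev = e["hash"]
        return True, -1
```

Persist entries as JSON lines to WORM or append-only storage and run verify() on a schedule; the chain only detects tampering, it does not prevent it.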
Where to start
If you're prepping for SOC 2, prioritize logging and access control (items 1-11). If targeting EU markets, focus on log retention and adversarial testing documentation. If an enterprise prospect just sent a security questionnaire, start with authentication, RBAC, and runtime protection - those are what procurement checks first.
None of this requires a massive engineering effort. Most of it requires deciding to do it and documenting that you did.
Full article with detailed framework mappings for each item here