# AI Harness Security

Protect data, tools, and model interactions with explicit boundaries.

---
Canonical: /harness/security/
Source: web/src/data/harness-markdown.ts
Format: Markdown for agents
---

Security starts at the tool boundary.

Agents should never receive broad ambient authority such as a shared admin credential or a catch-all API key that every tool call inherits. Give each agent only the tools and data its use case requires, scoped to the principal it acts for.

## Production Checklist

- Redact secrets and sensitive payload fields before model calls, in nested structures as well as top-level ones.
- Keep authorization decisions outside the model: the harness checks whether the calling principal may use a tool, and the model's request is never treated as evidence of permission.
- Validate all tool inputs and outputs against typed schemas, and reject anything that does not conform before the tool runs.
- Log tool names, principals, and allow/deny decisions; keep arguments and returned content out of logs unless they are redacted.
- Treat tool output as untrusted input when it returns external data (web pages, email, documents, third-party APIs): it is data for the model to reason over, not instructions to follow.
- Add prompt-injection tests for agents that read user or third-party content.
