Capstone: Your Personal Security Policy
Pull together everything from Lessons 1-7 into a living security policy. Agent permissions, incident response, weekly review checklist, and the governance framework that makes security stick.
Security That Sticks
🔄 Quick Recall: Over 7 lessons, you’ve learned the threat landscape (Lesson 1), built a threat model (Lesson 2), implemented Docker isolation (Lesson 3), set permission boundaries (Lesson 4), created a skill vetting framework (Lesson 5), configured monitoring (Lesson 6), and understood why prompt injection remains unsolved (Lesson 7). Now let’s make it permanent.
Pixee.ai’s research found a striking gap: 98% of organizations with 500+ employees deploy agentic AI, but 79% lack formal security policies. Security decisions are made ad hoc, incident by incident, and lessons learned get forgotten.
Your personal security policy closes that gap. It’s not a legal document — it’s a living reference that captures your decisions so you don’t have to re-make them every time.
Your Policy Template
The following template combines frameworks from OWASP (Source 3), NIST (Source 6), Gartner (Source 8), AWS (Source 10), and Auth0 (Source 32). Customize it for your specific agent setup.
Section 1: Agent Inventory
List every AI agent you use:
| Agent | Scope (AWS Matrix) | Trifecta Properties | Primary Use | Last Security Review |
|---|---|---|---|---|
| OpenClaw (Docker) | Full Agency | 2/3 (no external comms) | File organization, research | [date] |
| Claude Code | Supervised | 2/3 (no untrusted content) | Coding assistance | [date] |
| Email assistant | Prescribed | 3/3 | Email triage | [date] |
Why this matters: You can’t secure agents you’ve forgotten about. Shadow AI — agents deployed without formal approval — was one of Bitdefender’s key findings in enterprise environments. It happens to individuals too.
Section 2: Permission Tiers
Define three permission levels based on your threat model:
Tier 1 — Restricted (Low Trust)
- Read-only access to specified directories
- No internet access
- No credential access
- No shell execution
- Use for: untested skills, new agents, experimental workflows
Tier 2 — Standard (Medium Trust)
- Read/write access to project directories
- Allowlisted API endpoints only
- Agent-specific scoped tokens
- No shell execution unless explicitly approved per-task
- Use for: vetted skills, daily workflows, coding assistance
Tier 3 — Extended (High Trust)
- Broader file access (still not full system)
- Internet access through proxy with logging
- Shell execution for pre-approved commands
- Human-in-the-loop for irreversible actions
- Use for: long-running autonomous tasks, multi-step workflows
Never grant: Unrestricted shell, full filesystem, personal API keys, email sending without approval.
✅ Quick Check: A new skill claims to organize your Downloads folder. What permission tier should you start with? (Answer: Tier 1 — Restricted. Give it read-only access to the Downloads folder first. Run it, verify it works as described, review its behavior. If it checks out, promote to Tier 2 with read/write access to only that folder.)
Section 3: Incident Response
When your monitoring (Lesson 6) fires an alert:
Step 1: Stop (30 seconds)
```bash
docker stop agent-container --time=0
```
Don’t investigate while the agent is running. Stop first.
Step 2: Preserve (2 minutes)
```bash
# docker logs replays the container's stderr on its own stderr; 2>&1 keeps it in the file
docker logs agent-container > /tmp/incident-$(date +%Y%m%d).log 2>&1
# the destination must not end in "/" unless that directory already exists
docker cp agent-container:/app/data /tmp/incident-data-$(date +%Y%m%d)
```
Copy logs and data before touching anything.
Step 3: Revoke (2 minutes)
- Revoke all API keys the agent had access to
- Rotate any secrets in the agent’s environment
- Change passwords if credential exposure is suspected
Step 4: Investigate (15-60 minutes)
- What triggered the alert?
- What files did the agent access in the last 24 hours?
- Were any outbound network requests made to unexpected destinations?
- Were any memory files modified?
Step 5: Remediate
- If a skill was the cause: remove it, re-vet all other installed skills
- If prompt injection was the cause: clean memory files, review processed documents
- If a vulnerability was exploited: update the agent, review Docker configuration
- Document what happened and what you changed
Step 6: Resume
Start the agent with fresh credentials. Monitor closely for 48 hours.
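Steps 1 and 2 of the procedure above as one script, added here as an example rather than code from the course: it stops the container, preserves its config, logs and data, and writes a SHA-256 manifest so the preserved files can later be shown to be unmodified. It assumes the docker CLI is on PATH and that the agent keeps its data under /app/data, as in the commands above.

```python
"""Steps 1-2 of the incident response procedure as a script: stop the container,
preserve its config, logs and data, then write a SHA-256 manifest so the
preserved files can be shown later to be unmodified. Assumes the docker CLI is
on PATH and the agent keeps its data under /app/data, as in the lesson."""
import hashlib
import subprocess
import sys
from datetime import date
from pathlib import Path


def incident_commands(container: str, outdir: Path) -> list[list[str]]:
    """The docker commands for Steps 1-2, in order, as argv lists."""
    return [
        ["docker", "stop", "--time=0", container],               # Step 1: stop first
        ["docker", "inspect", container],                        # config and mounts at incident time
        ["docker", "logs", container],                           # container stdout and stderr
        ["docker", "cp", f"{container}:/app/data", str(outdir / "data")],  # no trailing slash
    ]


def sha256_manifest(outdir: Path) -> dict[str, str]:
    """SHA-256 of every preserved file, keyed by path relative to outdir."""
    files = (p for p in outdir.rglob("*") if p.is_file() and p.name != "MANIFEST.sha256")
    return {str(p.relative_to(outdir)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(files)}


def preserve(container: str, outdir: Path) -> dict[str, str]:
    """Run Steps 1-2 and return the manifest written to outdir/MANIFEST.sha256."""
    outdir.mkdir(parents=True, exist_ok=True)   # docker cp needs the parent to exist
    stop, inspect, logs, cp = incident_commands(container, outdir)
    subprocess.run(stop, check=True)
    (outdir / "inspect.json").write_bytes(
        subprocess.run(inspect, check=True, capture_output=True).stdout)
    # `docker logs` replays the container's stderr on its own stderr, so merge both.
    (outdir / "container.log").write_bytes(
        subprocess.run(logs, check=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout)
    subprocess.run(cp, check=True)
    manifest = sha256_manifest(outdir)
    # `sha256sum -c MANIFEST.sha256` verifies the preserved files later
    (outdir / "MANIFEST.sha256").write_text("".join(f"{h}  {p}\n" for p, h in manifest.items()))
    return manifest


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "agent-container"
    for path, digest in preserve(name, Path(f"/tmp/incident-{date.today():%Y%m%d}")).items():
        print(digest, path)
```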
Section 4: Credential Management
Following Gartner’s “block, rotate, audit” framework:
Block: Never give agents your personal credentials. Create agent-specific tokens with minimum required scope.
Rotate: Schedule credential rotation:
- Critical (financial APIs, email): Weekly
- Standard (dev tools, search): Monthly
- After any security event: Immediately
Audit: Review active credentials quarterly:
- Which tokens are active? Are any unnecessary?
- Which tokens have broader scope than needed?
- Are any credentials still present from decommissioned agents?
Section 5: Skill Management
Your vetting framework from Lesson 5, formalized:
Before installation:
- 5-point vetting framework passed (source, scan, review, prerequisites, test)
- Permission tier assigned (start at Tier 1)
After installation:
- First run monitored with enhanced logging
- Behavior matches description
- No unexpected file access, network calls, or memory modifications
- Promoted to appropriate tier after verification
Ongoing:
- Re-scan installed skills monthly with Cisco Skill Scanner
- Check for skill updates and review changelogs before updating
- Immediately remove any skill flagged as Suspicious or Malicious on VirusTotal
Section 6: Weekly Review Checklist
Every week, spend 15 minutes:
- Review agent activity logs for anomalies
- Check monitoring alerts from the past week
- Verify no new credential patterns in config files
- Confirm Docker hardening flags are still in place (docker inspect)
- Check for agent software updates and security patches
- Review memory files for unexpected entries
- Verify kill switch still works (quick test)
Schedule it. Put it on your calendar. Security that depends on remembering to do it doesn’t happen.
✅ Quick Check: During your weekly review, you notice your agent’s Docker container is running without --cap-drop=ALL. You’re sure you configured it. What happened? (Answer: Something recreated the container without your hardening flags — possibly an agent update, a restart script, or a docker-compose change. This is why weekly reviews include verifying Docker configuration. Fix it immediately and investigate what triggered the recreation.)
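A weekly-review helper for the "confirm Docker hardening flags" item and the Quick Check above, added as an example that is not part of the course: it reads `docker inspect` output and reports every expected HostConfig setting that has drifted. Only --cap-drop=ALL is named in this lesson; the other entries in EXPECTED are assumed examples of a Lesson 3 baseline, and the sample JSON is constructed.

```python
"""Weekly review helper: compare a container's `docker inspect` output against the
hardening baseline it was started with and report drift. Only --cap-drop=ALL is
named in this lesson; the other EXPECTED entries are assumed examples. The sample
JSON below is constructed to look like a container recreated without the flag."""
import json
import subprocess
import sys

# Expected HostConfig values; edit to match your own baseline.
EXPECTED = {
    "CapDrop": ["ALL"],                          # docker run --cap-drop=ALL (named in this lesson)
    "Privileged": False,                         # no --privileged (assumed baseline entry)
    "ReadonlyRootfs": True,                      # --read-only (assumed baseline entry)
    "SecurityOpt": ["no-new-privileges:true"],   # assumed baseline entry
}


def check_hardening(inspect_json: str, expected: dict = EXPECTED) -> list[str]:
    """Return one finding per expected setting that has drifted; an empty list means no drift."""
    findings = []
    for entry in json.loads(inspect_json):       # docker inspect always returns a list
        host = entry.get("HostConfig", {})
        name = entry.get("Name", "?").lstrip("/")
        for key, want in expected.items():
            got = host.get(key)                  # unset list options come back as null
            # Lists are compared as sets so option order alone never raises a finding.
            same = set(got or []) == set(want) if isinstance(want, list) else got == want
            if not same:
                findings.append(f"{name}: HostConfig.{key} is {got!r}, expected {want!r}")
    return findings


# Constructed sample: the Quick Check scenario, a container recreated without --cap-drop=ALL.
SAMPLE = json.dumps([{
    "Name": "/agent-container",
    "HostConfig": {"CapDrop": [], "Privileged": False, "ReadonlyRootfs": True,
                   "SecurityOpt": ["no-new-privileges:true"]},
}])

if __name__ == "__main__":
    if len(sys.argv) > 1:                        # live check: python drift.py agent-container
        raw = subprocess.run(["docker", "inspect", sys.argv[1]], check=True,
                             capture_output=True, text=True).stdout
    else:
        raw = SAMPLE
    for finding in check_hardening(raw):
        print("DRIFT:", finding)
```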
Course Review
| Lesson | What You Learned | Your Defense |
|---|---|---|
| 1. What Can Go Wrong | Real attacks: RCE, malicious skills, credential leaks, exposed infra | Awareness of the threat landscape |
| 2. Threat Modeling | OWASP Top 10, AWS Scoping Matrix, Rule of Two | Systematic risk assessment |
| 3. Docker Isolation | 5 hardening flags, isolation spectrum | Container-level containment |
| 4. Permissions | Least privilege, scoped tokens, credential isolation, allowlists | Access control and credential protection |
| 5. Skill Vetting | 5-point framework, VirusTotal + Cisco Scanner + manual review | Supply chain defense |
| 6. Monitoring | Three categories, kill switch, behavioral baselines | Detection and response |
| 7. Prompt Injection | 85% success rate, layered mitigations, trifecta reduction | Defense-in-depth for the unsolved problem |
| 8. Security Policy | This document | Everything formalized and repeatable |
Where to Go From Here
Deepen your knowledge:
- Read the OWASP Top 10 for Agentic Applications (Source 3) — it’s the industry standard
- Follow Simon Willison’s blog for prompt injection research updates
- Subscribe to security advisories for whatever agents you use
Build your skills:
- Take the “Build Custom OpenClaw Skills” course to understand skills from the creator’s perspective — knowing how skills work makes you better at vetting them
- Practice your incident response procedure with a simulated alert
Stay current:
- Agent security is evolving rapidly — new vulnerabilities, new defenses, new frameworks appear monthly
- Re-evaluate your security policy quarterly as the landscape changes
- The best security policy is the one you actually follow and update
Key Takeaways
- 98% deploy agentic AI, 79% lack policies — your written policy puts you ahead of most organizations
- Three permission tiers (Restricted, Standard, Extended) give you a framework for every situation
- Incident response is a procedure, not an improvisation — stop, preserve, revoke, investigate, remediate, resume
- “Block, rotate, audit” for credentials — never share personal keys, rotate regularly, review quarterly
- Weekly reviews take 15 minutes and catch configuration drift, unexpected access, and emerging threats
- The policy is a living document — update it when your setup changes or when you learn something new