Agentic Security
AI-powered coding assistants, or “agents,” represent a significant shift in how security operations work can be approached. Rather than treating agentic coding as a threat to security, this section explores how AI assistants can be effective allies in maintaining security operations when they are properly configured and constrained.
The pages within this section provide practical guidance on:
- Configuring Model Context Protocol (MCP) servers to extend AI capabilities
- Establishing secure coding guidelines through Copilot instructions
- Leveraging AI agents for dependency management and vulnerability remediation
Important: Agentic security is not about replacing human judgment or bypassing security controls. It is about augmenting security operations teams with AI-powered tools that operate within established security frameworks.
Principles of Agentic Security
When implementing agentic coding for security operations, the following principles apply:
- Information over Prescription - Provide AI agents with context and knowledge rather than rigid rules that may become outdated
- Security by Default - Configure agents to operate within existing security controls, never suggesting bypasses or workarounds
- Audit and Transparency - All agentic actions should be auditable, with clear commit messages and documented changes
- Human Oversight - AI agents augment human decision-making but do not replace security team approval processes