AI SECURITY GUIDE

The AI Agent Security Checklist for 2026

15 points every small business running Zapier, Make.com, n8n, or ChatGPT workflows needs to tick off this quarter.

Published April 20, 2026 · 8 min read · By Scannly

DIRECT ANSWER

The 2026 AI agent security checklist covers 15 controls across four areas: visibility (inventory and data mapping), access (least-privilege permissions and credential rotation), defences (prompt injection filters, sanitisation, structured outputs), and monitoring (logging, anomaly alerts, quarterly audits). Small businesses running Zapier, Make.com, n8n, or ChatGPT workflows should complete every item at least once per quarter.

Why AI Agents Need Their Own Checklist

Traditional security checklists were built for web apps, APIs, and databases. AI agents are different: they interpret natural language, call external services autonomously, and often have access to multiple sensitive systems at once. A compromised AI agent can read your email, summarise it wrongly, and send that summary to the wrong person — all within a single workflow run.

The checklist below covers the 15 controls most likely to be missing in the AI workflows of small businesses today. Each one maps to a real attack pattern seen in 2025 and 2026.

The 15-Point Checklist

Visibility (Points 1–2)

1. Inventory every AI agent and automation. List every Zap, scenario, n8n flow, and custom agent running across your business. You cannot secure what you cannot see.
2. Map what data each agent can access. For each agent, document which apps, accounts, and records it can read or modify. This is the foundation for every other control on this list.

Access (Points 3, 10, 11)

3. Apply least-privilege permissions. Every agent should have the minimum access required to do its job — nothing more. See our least-privilege guide for exact steps.
10. Rotate API keys and credentials quarterly. Any credential that has been in use for more than 90 days should be rotated. Old keys are the easiest way in for attackers.
11. Review third-party integrations monthly. OAuth tokens granted to automations often persist long after you stop using them. Revoke anything not actively in use.

Defences (Points 4–7)

4. Sanitise all user inputs before AI steps. Never pass raw email bodies, form submissions, or webhook payloads directly into an AI prompt without filtering.
5. Add prompt injection filters. Insert a validation step before every AI action that flags instruction-like language. Read our full prompt injection prevention guide.
6. Use role-based system prompts. Explicitly tell the AI what role it plays and that it should ignore instructions found in input data.
7. Restrict AI output to structured formats. Return JSON with predefined fields, not free-form text. This makes downstream abuse much harder.

Monitoring (Points 8–9, 12–15)

8. Enable logging on every agent action. Every call, every input, every output — stored for at least 90 days. Without logs, you cannot detect or investigate incidents.
9. Set up anomaly alerts. Get notified when an agent suddenly calls a new API, processes an unusually large payload, or runs outside normal hours.
12. Document incident response procedures. Write down exactly what to do if an agent is compromised: who revokes access, who notifies users, who runs the post-mortem.
13. Test agents against known attack patterns. Regularly attempt prompt injection and data exfiltration against your own workflows before attackers do.
14. Verify GDPR and data residency compliance. AI agents often ship data to models hosted in other regions. Confirm your data handling matches what your privacy policy says.
15. Run a quarterly security audit. Work through this full checklist every 90 days. Security is not a one-time task.

How to Use This Checklist

Start by completing Points 1 and 2 — inventory and data mapping. You cannot protect what you have not mapped. Once you have a clear picture, tackle Points 3, 4, and 5 next — these three alone eliminate the majority of realistic attack scenarios.

The monitoring points (8 and 9) are often skipped because they feel less urgent. Do not skip them. If an incident happens without logs, you will be rebuilding trust with users and regulators in the dark.

Check Your Workflow in 60 Seconds

Scannly's free Risk Scanner automates points 1, 2, 4, and 5 of this checklist. Paste your workflow and get an instant security score — no account required.

Run My Free Scan →

Frequently Asked Questions

What is the biggest AI agent security risk in 2026?

Prompt injection remains the most widespread and underestimated AI agent security risk. It allows attackers to hijack an AI's instructions through ordinary inputs like emails or form fields, and most small businesses running Zapier or Make.com automations have no defences against it.

How often should I audit my AI agents?

Run a full security audit every quarter, and a lightweight scan monthly. New integrations, prompt changes, or credential rotations should trigger an ad-hoc audit regardless of schedule.

Do I need AI agent security if I only use Zapier or Make.com?

Yes. Zapier and Make.com are where most small business AI agents actually run, and their AI steps have the same vulnerabilities as any other AI system. Using a no-code platform does not remove the security responsibility.

What permissions should an AI agent have?

The minimum required to perform its specific job. An agent that summarises support emails should not have access to your CRM or payment systems. This is called least-privilege access and is the single highest-leverage security practice.

How do I check if my AI workflow is secure?

Run it through an automated risk scanner that checks for prompt injection vulnerabilities, over-permissioned integrations, insecure data handling, and missing logging. Scannly offers a free Risk Scanner for this purpose.