AI Security Checklists
Audit-grade AI security checklists for LLM applications, MCP deployments, coding agents, long-lived autonomous agents, and Agentic DeFi systems. Built to support real Zealynx audit scoping and review work.
🚨 Why service-specific AI checklists matter
• Prompt injection only matters once injected text can reach an execution sink such as a tool call, shell command, file write, or transaction
• Persistent agents turn time and memory into attack surfaces
• Coding agents collapse repository trust, shell execution, and secret exposure into a single attack surface
• Agentic DeFi systems combine LLM ambiguity with financial authority
• Approval semantics often fail before model safeguards do
• Auditors need evidence-oriented checks, not generic AI safety advice
MCP Security
Comprehensive security checklist for Model Context Protocol servers and AI agents covering tool poisoning, prompt injection, RCE prevention, and cross-server attacks.
LLM Application Security
Security checklist for LLM-powered applications covering prompt injection, data leakage, RAG poisoning, jailbreak prevention, agent security, and output validation.
AI Model Security
Security checklist for AI models covering model poisoning, adversarial attacks, model extraction, inference attacks, supply chain integrity, and deployment hardening.
Coding Agent Security
Service-aligned checklist for coding agents covering prompt-to-shell risk, repository trust boundaries, approvals, secret exposure, and CI mutation.
Long-Lived Agent Security
Checklist for persistent autonomous agents covering memory poisoning, temporal privilege re-entry, delegated authority, scheduler abuse, and replayability.
Agentic DeFi Security
Checklist for AI systems that can recommend, approve, route, or execute DeFi actions across wallets, vaults, bridges, and governance flows.
AI audit checklists built for real review work
These checklists are designed to support scoping, manual review, and evidence collection across real AI systems. They focus on execution sinks, authority boundaries, persistence risk, and financial blast radius.