Practice vocabulary for deploying AI agents: sandboxed environments, HITL approval, access control, audit logs, and risk assessment.
1 / 5
Your security review says 'The agent runs in a sandboxed environment.' What does sandboxing provide for an agent?
A sandboxed environment restricts the agent's access to the broader system by limiting file access, network calls, and process execution to an explicitly allowed set. This contains the damage if the agent misbehaves or is manipulated: it limits the blast radius rather than preventing the misbehaviour itself, so whatever the sandbox still allows (a mounted directory, a reachable host, a credential present inside it) remains exposed.
2 / 5
A deployment spec includes a 'human-in-the-loop (HITL) approval step before the agent writes to the database.' What is the purpose of this step?
Human-in-the-loop (HITL) checkpoints are safety gates where a human must approve an action before the agent proceeds. They are especially important for irreversible or high-impact operations such as database writes. The gate only works if the reviewer sees the exact action the agent is about to take (the actual query and its parameters, not the agent's own summary of it) and if the agent has no path to perform the action that bypasses the gate.
3 / 5
A risk assessment flags: 'The agent has write access to the production database.' Why is this considered high risk?
Agents with write access to production systems can cause irreversible harm: deleting records, corrupting data, or triggering unintended business processes, whether through a bug or because the agent was manipulated into it. The principle of least privilege dictates that an agent should have only the minimal access its task requires: an agent that only needs to read should get read-only credentials, and any write access should be scoped to the specific tables and operations it actually needs.
4 / 5
Your team implements 'an audit log for agent actions.' What should this log capture?
An agent audit log should record every action the agent attempted, not only the ones that succeeded: the tool called, its parameters, a timestamp, the agent identity and the request that triggered it, and the outcome (including denials and errors). Write it to an append-only store that the agent itself cannot modify; otherwise a compromised agent can erase the evidence of what it did. This enables forensic investigation, compliance, and debugging when something goes wrong.
5 / 5
A colleague says 'We need agent access control vocabulary in our architecture docs.' Which of these is an example of agent access control?
Agent access control means defining what resources, tools, and data an agent can interact with, typically implemented via role-based access, scoped API keys, or permission policies tied to the agent's own identity rather than to the credentials of the user who launched it. Giving each agent its own identity is what makes the permissions enforceable and its actions attributable in the audit log.
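How the access-control, HITL and audit-log vocabulary fits together in code, as an added example that is not part of the original page: a small Python tool-execution gate that enforces a per-agent permission policy, requires human approval for the tools marked high-impact, confines the file tool to a sandbox root, and appends every attempted call (allowed or refused) to a hash-chained audit log. All agent names, tools, policy entries and sample files/records here are hypothetical and constructed for the example; a real deployment would back the log with an append-only store and the approver with a review UI.

```python
"""Agent tool-execution gate: per-agent access control, HITL approval for
high-impact tools, a sandboxed file tool, and a hash-chained audit log.
Added example; all names, policies and sample data are hypothetical."""
import hashlib
import json
import posixpath
import time
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical access-control policy keyed by agent identity: the tools each
# agent may call, and which of those require a human approval before they run.
POLICY = {
    "support-bot": {"tools": {"read_file", "query_db"}, "hitl": set()},
    "ops-bot": {"tools": {"read_file", "query_db", "write_db"}, "hitl": {"write_db"}},
}

# Hypothetical sandbox boundary for the file tool, plus constructed sample data
# standing in for a real filesystem and database so the example runs offline.
SANDBOX_ROOT = "/srv/agent-workspace"
FILES = {"/srv/agent-workspace/notes.txt": "constructed sample note"}
DB = {"ticket-1": "open"}


class PolicyViolation(Exception):
    """Raised when a call is refused by policy, the HITL gate, or the sandbox."""


@dataclass
class AuditLog:
    """Append-only record of every attempted tool call. Each entry carries the
    hash of the previous one, so editing or deleting an entry breaks the chain."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, **event) -> dict:
        event["ts"] = time.time()
        event["prev"] = self.entries[-1]["hash"] if self.entries else "0" * 64
        event["hash"] = self._digest(event)
        self.entries.append(event)
        return event

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def read_file(path: str) -> str:
    # Sandbox check: normalise '..' segments and refuse anything outside the root
    # (an absolute path in `path` also lands outside and is refused).
    full = posixpath.normpath(posixpath.join(SANDBOX_ROOT, path))
    if full != SANDBOX_ROOT and not full.startswith(SANDBOX_ROOT + "/"):
        raise PolicyViolation(f"path escapes sandbox: {full}")
    return FILES[full]


def query_db(key: str) -> str:
    return DB[key]


def write_db(key: str, value: str) -> str:
    DB[key] = value
    return "written"


TOOLS = {"read_file": read_file, "query_db": query_db, "write_db": write_db}

# approver(agent, tool, args) -> bool. In production this is a human approving
# the exact call shown to them, not a free-form summary produced by the agent.
Approver = Callable[[str, str, dict], bool]


def execute(agent: str, tool: str, args: dict, approver: Approver, log: AuditLog):
    """Run one tool call for an agent, enforcing policy and logging the outcome."""
    allowed = POLICY.get(agent, {"tools": set(), "hitl": set()})
    if tool not in allowed["tools"]:
        log.record(agent=agent, tool=tool, args=args, outcome="denied:policy")
        raise PolicyViolation(f"{agent} may not call {tool}")
    if tool in allowed["hitl"] and not approver(agent, tool, args):
        log.record(agent=agent, tool=tool, args=args, outcome="denied:hitl")
        raise PolicyViolation(f"{agent}: human rejected {tool}")
    try:
        result = TOOLS[tool](**args)
    except Exception as exc:  # includes sandbox refusals and missing keys
        log.record(agent=agent, tool=tool, args=args, outcome=f"error:{exc}")
        raise
    log.record(agent=agent, tool=tool, args=args, outcome="ok", result=result)
    return result


if __name__ == "__main__":
    log = AuditLog()
    deny, approve = (lambda *_: False), (lambda *_: True)
    print(execute("support-bot", "read_file", {"path": "notes.txt"}, deny, log))
    for call in [("support-bot", "write_db", {"key": "ticket-1", "value": "closed"}),
                 ("ops-bot", "read_file", {"path": "../../etc/passwd"})]:
        try:
            execute(*call, deny, log)
        except PolicyViolation as e:
            print("refused:", e)
    print(execute("ops-bot", "write_db", {"key": "ticket-1", "value": "closed"}, approve, log))
    print("audit chain intact:", log.verify())
```

Note the ordering: the policy check runs before the HITL prompt, so a human is never asked to approve a call the agent was not entitled to make, and refused calls are logged as well, because a burst of denials is often the first visible sign that an agent is being manipulated.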