◀︎ // Home
Section 07 // What This Means for Defenders
Adopt the Straiker STAR Framework
Bottom line for leadership
Five controls break the chain across every agent type, and the decisive one is runtime monitoring (agent-on-agent). Guardrails are the baseline; runtime is the catch.
Do this: inventory every agent you run, test them against these attacks, then defend at runtime.
The framework's operational value is showing defenders where attacks happen and which control breaks each step. Four cross-cutting controls run through every agent type in this report, plus a fifth that catches what the others miss.
Five controls across every agent type
// 01
Treat external content as untrusted instruction
READMEs, emails, invites, shared docs, internal RAG sources, and tool descriptions. This closes the LAVA delivery channel.
// 02
Narrow permissions to task scope
Least privilege on the tool registry, OAuth scopes, and per-tool authorization. Shrinks the blast radius before anything fails.
// 03
Approve irreversible actions
Destructive commands, external sharing, mailbox rules, and cross-system transfers gated by a human.
// 04
Monitor context against action at runtime
Watch what the agent reads against what it does, and flag the moment the two diverge from the user's intent.
05 // The 5th Control
Agent-on-agent runtime security
The one this report returns to most. An agent watching another agent's context catches novel patterns the model itself cannot recognize. AI agents need an AI agent to secure them.
Start by seeing what you run
Adopting the STAR Framework starts with knowing what agents already operate inside your organization. Discover AI inventories every AI agent, MCP server, and connected model across the enterprise, and grades each against the framework's four layers and three agent types.


98.1%
detection accuracy across all threat categories
99%
detection on coding agents at runtime
0.7%
false-positive rate, near-zero noise
<300ms
added latency
The fastest way to know your exposure is to test for it. Straiker runs continuous AI adversarial testing — the same classes of attack documented in this report — against your live agents. In Gartner's Reference Architecture Brief: Offensive AI Security Testing, Straiker was positioned among the commercial vendors with distinct AI-ST capabilities, and Ascend AI was named a winner in The Hacker News 2026 awards for red teaming. That is why teams come to Straiker to test agents the way real attackers would, continuously.

Common Questions
How do you defend AI agents against agentic attacks?
Five controls break the chain across every agent type: treat external content as untrusted instruction, narrow permissions to task scope, require approval for irreversible actions, monitor context against action at runtime, and add agent-on-agent runtime security. Guardrails are the baseline; runtime is the catch.
What is agent-on-agent runtime security?
Agent-on-agent runtime security is an AI agent that watches another agent's context in real time, flagging injection and LAVA patterns the protected model itself cannot recognize. It is the decisive fifth control in the STAR Framework — because AI agents need an AI agent to secure them.
How does Straiker's platform map to the STAR Framework?
Three products run a See-Test-Protect path: Discover AI inventories every agent, MCP server, and model graded across the framework; Ascend AI continuously red-teams them with the attacks in this report; and Defend AI runs at runtime with 98.1% detection accuracy across threat categories (99% on coding agents) and a 0.7% false-positive rate.
Get the Full Report
Read everything here, free. Enter your email and we'll send the full PDF, including the complete defender playbook.






