.svg)
How to secure an AI agent project in a company? Compliance guide for CIOs and CISOs
This article details the security principles to be applied from the design stage of an AI agent (security by design), the regulatory compliance standards to be met, and IT Systèmes' proven methodology for deploying compliant and secure AI agents in your information system.
The 5 fundamental pillars of security for an AI agent in a business
1. End-to-end encryption of sensitive data
All data processed by the AI agent must be encrypted in transit and at rest in accordance with the most stringent security standards:
Encryption in transit:
- Minimum TLS 1.3 protocol for all communications
- IPSec VPN tunnels for inter-site connections
- Strictly validated SSL/TLS certificates
- HTTPS protocol mandatory for all APIs
Encryption at rest:
- AES-256 algorithm for storing sensitive data
- Encryption before writing to disk, decryption only at the time of use
- No plaintext data is ever stored on the servers.
- Automatic rotation of encryption keys
Secure encryption key management: Encryption keys are managed via a dedicated HSM (Hardware Security Module) or a certified cloud key management service (Azure Key Vault, AWS KMS, Google Cloud KMS). This architecture ensures that sensitive data (passwords, API tokens, GDPR personal data) remains protected even if a server is compromised.
2. Strong authentication and access management (IAM) for AI agents
The AI agent authenticates exclusively via SSO (Single Sign-On) using standard security protocols:
- SAML 2.0 for identity federation
- OAuth 2.0 for delegated authorization
- OpenID Connect for modern authentication
Fundamental security principle: the AI agent strictly inherits the permissions of the user interacting with it. No high-privilege service accounts are created. The AI agent can only perform actions that the user could perform manually in business applications.
Multi-factor authentication (MFA): For sensitive actions requiring enhanced security (modification of financial data, access to HR data, deletion of data),multi-factor authentication (MFA) is mandatory.
Principle of least privilege applied systematically: The AI agent only accesses the data and systems strictly necessary for the performance of its function. Access rights are reviewed and audited quarterly as part of security governance.
3. Full traceability and immutable audit trail
Every action taken by the AI agent is recorded in a secure, immutable audit log to ensure full traceability and meet regulatory compliance requirements.
Data recorded in the audit trail:
- Full user identity (ID, name, department)
- Precise UTC timestamp for each request
- Exact query entered by the user
- Action performed by the AI agent on target systems
- Data accessed or modified
- Response from the AI agent to the user
- Operation status (success, failure, error)
- Target information system (ERP, CRM, HRIS)
Retention of audit logs: Audit logs are retained in accordance with your industry-specific regulatory obligations:
- Minimum 1 year for general GDPR compliance
- Up to 10 years for regulated sectors (banking, healthcare, energy, defense)
These audit logs enable compliance with GDPR audits (right of access, right to be forgotten, data portability), ISO 27001 controls, and security investigations in the event of a cyber incident.
4. Network segmentation and isolation of the AI agent
The AI agent is deployed in a segmented and secure network environment in accordance with network security best practices:
Secure network architecture:
- Isolated dedicated VLAN for the AI agent
- Isolated network subnet with strict routing rules
- WAF (Web Application Firewall) application firewall
- Restrictive incoming and outgoing filtering rules
Zero-trust security principle: The AI agent can only communicate with information systems that are explicitly authorized in the security policy. No direct internet access is allowed: all outgoing requests go through a secure HTTP proxy with URL filtering, SSL inspection, and blocking of malicious domains.
Isolation of sensitive data: Sensitive data never passes through public servers or uncertified third-party clouds. The AI agent operates exclusively on your private cloud infrastructure (Azure, AWS, GCP) or on your secure on-premises infrastructure.
5. Regulatory compliance and GDPR data governance
The AI agent strictly adheres to the fundamental principles of the GDPR for the protection of personal data:
Data minimization: The AI agent collects and processes only the personal data strictly necessary for the performance of its business function.
Limitation of storage period: Personal data is stored only for as long as necessary for the purposes of processing, after which it is automatically deleted or anonymized.
Guaranteed rights of individuals:
- Right of access: the user can view all personal data processed by the AI agent.
- Right to be forgotten: complete deletion of data upon user request
- Right to rectification: correction of inaccurate data
- Right to portability: exporting data in a structured format
Anonymization and pseudonymization: Personal data can be automatically anonymized before processing by the AI agent to reduce security risks and comply with the principle of privacy by design.
Mandatory GDPR documentation: We document the data processing by the AI agent in your GDPR processing register with all regulatory information: purpose of processing, legal basis, data categories, retention period, technical and organizational security measures.
NIS2 compliance for critical sectors: For companies in critical sectors (healthcare, finance, energy, transportation, essential digital services), the AI agent complies with the NIS2 directive with a business continuity plan (BCP), disaster recovery plan (DRP), and regular cyber resilience testing.
AI agent regulatory compliance: GDPR, NIS2, ISO 27001, AI Act
GDPR compliance (General Data Protection Regulation)
Mandatory DPIA impact assessment: If the AI agent processes sensitive personal data on a large scale (health data, biometric data, judicial data), a data protection impact assessment (DPIA) must be carried out prior to deployment.
GDPR security measures:
- Anonymization or pseudonymization of personal data where technically feasible
- Systematic encryption of sensitive data
- Strict access controls with the principle of least privilege
- Regular security testing and compliance audits
Rights of data subjects:
- Right of access: the user may request access to their data processed by the AI agent.
- Right to be forgotten: permanent deletion of personal data upon justified request
- Right to object: possibility to refuse automated processing by the AI agent
- Right to rectification: correction of inaccurate or incomplete personal data
NIS2 compliance (Directive on the security of network and information systems)
Sectors covered by NIS2: Companies in critical sectors (health, energy, transport, finance, digital services, water, food, space, public administration).
NIS2 security requirements:
- Mandatory cyber risk management with formal risk analysis and treatment plan
- Documented and tested security incident response plan
- Regular cyber resilience tests (penetration tests, crisis exercises, continuity tests)
- Notification of incidents to ANSSI within 24 hours in the event of a major cyberattack
ISO 27001 compliance (Information security management)
Security Management System (SMSI): Deployment of an AI agent as part of a documented and audited security policy in accordance with ISO 27001.
ISO 27001 security controls applied:
- Asset management: comprehensive inventory of data and systems connected to the AI agent
- Data classification: public, internal, confidential, sensitive data
- Access controls: authentication, authorization, rights review
- Cryptography: encryption, key management, digital signatures
- Network security: segmentation, firewalls, intrusion detection IDS/IPS
AI Act Compliance (European Regulation on Artificial Intelligence)
Risk classification according to the AI Act: Most AI agents in companies are classified as "limited risk" or "minimal risk" according to the European AI Act regulation. High-risk AI agents (recruitment, credit, health) require stricter requirements.
AI Act transparency requirements:
- Users must be explicitly informed that they are interacting with artificial intelligence.
- Important automated decisions must be explainable and contestable.
- Complete technical documentation required (architecture, training datasets, performance metrics)
Required technical documentation:
- Explicability of decisions: traceability of the AI agent's reasoning
- Training datasets: data sources, potential biases, representativeness
- AI governance: responsibilities, validation processes, ongoing monitoring
Regular security tests and audits of the AI agent
Security testing before going live
Before an AI agent is put into production, thorough security testing is mandatory to identify and fix any vulnerabilities:
Penetration testing (pentests): Simulation of real attacks by cybersecurity experts to identify exploitable security vulnerabilities (SQL injection, XSS, CSRF, privilege escalation).
Injection tests specific to IA agents:
- Prompt injection: attempts to manipulate agent behavior via malicious requests
- SQL injection: injection of malicious SQL code into queries
- Command injection: execution of unauthorized system commands
Fuzzing tests for robustness: Sending malformed, random, or extreme inputs to verify that the AI agent does not crash and handles errors correctly without exposing sensitive information.
Load and resilience testing: Validation of the resilience of the AI agent under heavy load (peak simultaneous requests, stress test) and verification of behavior under degraded conditions.
Quarterly post-deployment security audits
After deployment into production, quarterly security audits verify that security measures remain effective and that recently published vulnerabilities (CVEs) are patched promptly.
Automated scanning tools: We use professional vulnerability scanners (Qualys, Nessus, OpenVAS) to automatically detect known security vulnerabilities in the AI agent infrastructure.
Manual code and architecture reviews: Security experts perform in-depth manual reviews of source code and architecture to identify logical vulnerabilities that cannot be detected by automated scanners.
Security incident management and response plan
AI agent security incident response plan
In the event of a security incident detected on the AI agent (attempted intrusion, data leak, abnormal behavior, account compromise), a formalized response plan is activated immediately:
Phase 1 - Detection and isolation (0-1 hour):
- Incident detection via security monitoring (SIEM, IDS/IPS)
- Immediate isolation of the IA agent to limit spread
- Blocking suspicious access and revoking compromised tokens
Phase 2 - Forensic analysis (1-4 hours):
- In-depth forensic analysis of audit logs
- Identification of the root cause of the incident
- Assessment of the impact and potentially compromised data
Phase 3 - Correction and remediation (4-24 hours):
- Correction of the identified security flaw
- Application of necessary security patches
- Correction validation tests
Phase 4 - Notification and communication (24-72 hours):
- Mandatory notification to the CNIL within 72 hours if personal data is compromised (GDPR compliance)
- Transparent communication with stakeholders (management, affected users)
- Complete documentation of the incident in the security log
Phase 5 - Continuous improvement:
- Post-mortem review of the incident
- Update of safety procedures
- Strengthening preventive measures
Crisis exercises and continuing education
Crisis simulation exercises (tabletop exercises) are organized every six months to test the responsiveness and effectiveness of security teams in the event of a major incident involving the AI agent.
Continuing education for teams:
- Regular awareness training on cyber risks specific to AI agents
- Training in emerging attack techniques (prompt injection, data poisoning)
- Sharing best practices in security and feedback
→ Discover: How to integrate an AI agent into your existing information system?
→ Learn more: AI agents for businesses
.svg)