FAMILY METHOD
Agentic/RAG Tool Methodology.
Workflow rails, permission boundaries and contamination-path instruments for tool-using AI and retrieval systems.
TOOL FAMILY
Agentic AI and RAG Security.
Additional page sections
Workflow rails, permission boundaries and contamination-path instruments for tool-using AI and retrieval systems.
INSTRUMENTS
Purpose-built tools in this family.
Each instrument has a method, assumptions, limitations, example output and exportable artifact.
Agentic AI and RAG Security
Additional section
Agentic Workflow Rail
Builds a swimlane control map for user, agent, policy, memory, retrieval, tools, human approval, audit and rollback.
- Best for
- Agentic workflow control map
- Input
- 6 categorical evidence fields
- Output
- Agentic workflow control map
- Method
- swimlane
- Maturity
- Beta · v1.9
- Limits
- Does not simulate a real agent.
- Exports
- copy, Markdown, JSON, Mermaid
Agentic AIRAG Security
open instrument →
Agentic AI and RAG Security
Agentic AI Permission Boundary Designer
Creates an allow/deny permission-boundary architecture for tool-using AI systems.
- Best for
- Permission-boundary map
- Input
- 6 categorical evidence fields
- Output
- Permission-boundary map
- Method
- permission graph
- Maturity
- Beta · v2.1
- Limits
- Does not generate bypass instructions.
- Exports
- copy, Markdown, JSON, Mermaid
Agentic AIRAG Security
open instrument →
Agentic AI and RAG Security
RAG Contamination Threat Model
Maps contamination paths from source material through retrieval into model output and downstream action.
- Best for
- RAG contamination path report
- Input
- 6 categorical evidence fields
- Output
- RAG contamination path report
- Method
- pipeline
- Maturity
- Beta · v2.3
- Limits
- Does not test a live vector database.
- Exports
- copy, Markdown, JSON, Mermaid
Agentic AIRAG Security
open instrument →
Agentic AI and RAG Security
Prompt-Injection Sandbox
Classifies suspicious instruction patterns in test text and maps them to defensive containment recommendations.
- Best for
- Prompt-injection defensive test case
- Input
- 4 structured fields including narrative context
- Output
- Prompt-injection defensive test case
- Method
- console lab
- Maturity
- Released · v2.4
- Limits
- Does not provide bypass recipes.
- Exports
- copy, Markdown, JSON
Agentic AIRAG Security
open instrument →
Agentic AI and RAG Security
Model and RAG Release Gate Checklist
Produces a go/no-go release memo for models, RAG systems, copilots and agentic features.
- Best for
- Model/RAG release memo
- Input
- 7 categorical evidence fields
- Output
- Model/RAG release memo
- Method
- timeline
- Maturity
- Beta · v2.5
- Limits
- Does not approve release.
- Exports
- copy, Markdown, JSON
Agentic AIRAG Security
open instrument →
Agentic AI and RAG Security
AI Vendor Assurance Questionnaire Builder
Generates buyer or vendor assurance questions for model APIs, copilots, RAG platforms and agentic workflow vendors.
- Best for
- AI vendor assurance questionnaire
- Input
- 5 categorical evidence fields
- Output
- AI vendor assurance questionnaire
- Method
- evidence matrix
- Maturity
- Beta · v2.7
- Limits
- Does not verify vendor claims.
- Exports
- copy, Markdown, JSON, CSV
Agentic AIRAG Security
open instrument →