Agentic Security Center

Security for the Agent Era

Trusteed is built from the ground up to operate safely in multi-agent environments. This page documents our threat model, defenses, and responsible disclosure process.

Threat Model

Six threat categories we actively defend against in the MCP ecosystem.

Prompt Injection

Malicious instructions embedded in product content, descriptions, or third-party data that attempt to hijack agent behavior.

INTEGRITY NOTICE in llms.txt; all tool inputs validated via Zod schemas; no raw HTML in agent-facing responses.

Tool Poisoning

An MCP tool returns a crafted payload designed to alter the agent's subsequent actions or exfiltrate context.

Signed tool responses; strict output schema validation; tool output never interpolated into system prompts.

Checkout Abuse

An agent—or attacker posing as one—creates carts and checkouts at high volume to exhaust inventory or trigger fraud.

Rate limiting enforced: create_cart 20 req/min, complete_checkout 10 req/min per agent identity.

Fraudulent Agents

A rogue agent presents itself as a legitimate buyer to bypass fraud controls or access restricted operations.

OAuth 2.0 M2M authentication required; KYAI engine applies merchant-defined rules per agent identity.

Merchant Impersonation

A fake platform mimics a legitimate merchant to intercept agent transactions or capture payment credentials.

Trust score >= 0.70 required for checkout-eligible merchants; QTSP timestamps on all signed trust records.

Data Exfiltration

An agent attempts to extract customer PII, order history, or payment data beyond its authorized scope.

Scoped API keys enforced per operation; no PII included in agent-facing tool responses; agent_events log all data access.

API Key Scopes

All agent access is restricted to declared scopes. Requesting data outside a key's scope returns a 403.

  • read:products: Search and read product catalog
  • read:merchant: View merchant profile and trust score
  • write:cart: Create and modify cart
  • write:checkout: Initiate checkout flow
  • admin:merchant: Store management (merchants only)
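An added illustration, not Trusteed's own code, of how the scope rules above and the per-agent rate limits from the Checkout Abuse section can be enforced in front of MCP tool calls. The scope names and the 20/min and 10/min limits are those stated on this page; the tool-to-scope mapping, the request shape and the 429 status for rate-limit hits are assumptions.

```typescript
// Added example (not Trusteed's code): scope and per-agent rate-limit checks.
type Scope =
  | "read:products" | "read:merchant" | "write:cart" | "write:checkout" | "admin:merchant";

// Assumed mapping from MCP tool name to the scope it requires.
const TOOL_SCOPES: Record<string, Scope> = {
  search_products: "read:products",
  get_merchant: "read:merchant",
  create_cart: "write:cart",
  complete_checkout: "write:checkout",
};

// Per-minute limits per agent identity, as stated on the page.
const RATE_LIMITS: Record<string, number> = { create_cart: 20, complete_checkout: 10 };

interface AgentKey { agentId: string; scopes: Scope[] }
// 429 for rate-limit hits is an assumption; the page only states 403 for scope violations.
interface Decision { status: 200 | 403 | 429; reason: string }

// Sliding one-minute window of call timestamps, keyed by agent identity + tool.
const windows = new Map<string, number[]>();

function authorize(key: AgentKey, tool: string, nowMs: number): Decision {
  const required = TOOL_SCOPES[tool];
  if (required === undefined) return { status: 403, reason: `unknown tool ${tool}` };
  // Scope check first: the key must declare the scope the tool needs.
  if (!key.scopes.includes(required)) {
    return { status: 403, reason: `missing scope ${required}` };
  }
  const limit = RATE_LIMITS[tool];
  if (limit !== undefined) {
    const id = `${key.agentId}:${tool}`;
    // Drop timestamps older than one minute, then compare against the limit.
    const recent = (windows.get(id) ?? []).filter((t) => nowMs - t < 60_000);
    if (recent.length >= limit) {
      windows.set(id, recent);
      return { status: 429, reason: `rate limit ${limit}/min exceeded for ${tool}` };
    }
    recent.push(nowMs);
    windows.set(id, recent);
  }
  return { status: 200, reason: "ok" };
}

function resetWindows(): void { windows.clear(); }
```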

Audit & Confirmation Model

  • security-logger.ts records every security event: auth failures, rate limit hits, scope violations, and anomalous patterns.

  • Merchants configure human-confirmation rules via the KYAI engine — e.g. require approval for orders above a threshold.

  • Agent event logs are available in the merchant dashboard (agent_events table), filterable by agent identity and action type.

Responsible Disclosure

We take security reports seriously and respond quickly to critical vulnerabilities.

  • Security email: security@trusteed.xyz
  • Response SLA: < 72 hours for critical vulnerabilities
  • Trust appeal: POST /api/v1/trust/appeal