Your AI agent can read email, browse the web, call APIs, and execute code. So can anyone who successfully injects instructions into it. The difference between a chatbot failure and an agent failure is that an agent failure is an action.
AI Agent Security: A Field Manual is a working reference for engineers who build, deploy, or operate LLM-based agents. It is not a collection of scary anecdotes. It is a traceable system: every threat has an ID (TH), every threat maps to a control (CT), every control to a requirement (REQ), and every requirement to a verification test (VT). If you cannot trace a security claim to a test, the claim is decoration. This book is built so you never have to make decorated claims.
Inside: prompt injection and untrusted-content handling, agent identity and short-lived credentials, egress allowlists and sandboxed execution, MCP supply-chain pinning and rug-pull detection, Enterprise-Managed Authorization (EMA), memory provenance, and logging you can actually reconstruct an incident from. Plus configuration checklists you can apply this week.
The book is free, and it stays current. Agent security shifts monthly — new tool protocols, new injection classes, new platform controls. Each revision is logged in the Changelog & Errata chapter, and Leanpub notifies you when an update ships. Treat it less like a book and more like a subscription to a threat model.
One thing this manual deliberately does not do: run the tests for you. That job belongs to the companion AI-Agent Security Verification Kit — a CLI that executes the checks against your agent configuration and emits signed, RFC 3161-timestamped evidence you can gate CI on or hand to an auditor. The manual explains the threats; the kit executes the tests and produces the evidence. Explanation is free. Execution and defensible evidence are paid:
https://0xshugo.gumroad.com/l/AI-Agent
Licensed CC BY-NC-ND 4.0. Read it, apply it, argue with it.