Hey all. Been setting up a few AI agent projects in my homelab (LangChain, AutoGen, some custom stuff). I keep hearing "security" but it's all pretty vague. How do you actually compare them?
Our team built a simple scorecard we use internally. It's just a checklist, but it forces us to look at concrete things. Threat model: a compromised external tool or API trying to escalate access or exfil data from the host.
Here's the template we fill per framework:
```yaml
# Agent Framework Security Scorecard
framework: "ExampleFramework"
version: "1.2.3"
threat_model: "Malicious tool execution & data exfiltration"
checks:
- control: "Tool execution sandboxing"
status: "none/container/subprocess"
notes: "e.g., Does it run code in a Docker container?"
- control: "Network egress controls"
status: "none/allow-list/deny-list"
notes: "Can we block the agent from calling arbitrary IPs?"
- control: "Secret handling"
status: "env_var/prompt/insecure_config"
notes: "How are API keys passed to tools?"
- control: "Supply chain hygiene"
status: "high/medium/low"
notes: "How many transitive deps? Pinned versions?"
```
For example, testing a basic LangChain chain: sandboxing=none, network=all open, secrets=often in plain text in the script. Gets a low score for our threat model. AutoGen a bit better with code execution in Docker, but network controls still manual.
Anyone else doing something similar? Would love to see real examples for other frameworks like Semantic Kernel or CrewAI.
Still learning.