Who is this checklist for?

Teams that let AI agents read external business inputs such as emails, PDFs, CRM notes, support tickets, supplier portals or copied text.

What does the checklist help us test?

It checks whether invisible Unicode, prompt injection, weak tool permissions or incomplete approval screens can reach the model or its tools.

Is this only relevant for autonomous agents?

No. It also matters for supervised agents because humans can approve text that looks harmless while hidden instructions are still present in the underlying input.

AI Agent Security · German SME checklist

Before your AI agent reads real business documents, test the intake layer.

Name: KoBra ePOD API
Author: KoBra Dataworks

A practical checklist for German SMEs that want to put AI agents near emails, PDFs, CRM notes and support tickets without creating hidden input, permission or compliance risk.

Coming from X?

I write about AI agents in English because most operator and security discussions happen there. KoBra Dataworks works with German SMEs, so implementation, compliance, responsibilities and vendor coordination are intentionally mapped to German business reality.

English for reach. German/DACH context for revenue, compliance and rollout.

Detect invisible instructions before the model sees them

Separate external content from system instructions

Check tool permissions before write access goes live

Make human approvals show the real risk

For German SMEs / DACH operators

If you run a German SME and want to deploy AI agents near inboxes, CRMs, finance workflows or customer communication, use this checklist before the first production rollout.

The topic is international. The implementation has to survive German processes: Datenschutz, Verantwortlichkeiten, Freigaben, Lieferantenkoordination and audit trails.

The problem

A human sees a normal email. The model may receive hidden Unicode instructions that never appear in the UI.

The risk

Agents can update CRMs, draft replies, route tickets or prepare imports. Prompt injection becomes workflow risk.

The fix

Treat external documents as untrusted input. Sanitize, limit tools, log decisions and show approvals clearly.

What is inside the checklist?

The PDF is a pre-flight audit for teams that want useful AI agents without handing them unsafe inputs or oversized tools.

Section 1

Scope and workflow map

Section 2

External input hygiene

Section 3

Prompt-injection handling

Section 4

Tool permission boundaries

Section 5

Human approval that actually works

Section 6

Logging and audit trail

Section 7

Test cases before rollout

Section 8

Minimum go-live standard

Quick self-test

Can your system detect invisible instructions before the model sees them?

If the answer is no, the first security layer is missing. Start there before giving an agent more tools, more autonomy or access to business-critical workflows.