When you manage multiple connected AI Agents and need to monitor their security status centrally, use the Agent Security Center overview page to quickly understand asset distribution, identify pending risks, and investigate security events. This topic describes the functional areas on the overview page and how to use them.
View Agent information
Access the Security Center console - Agent Security Center - Agent Overview. In the upper-left corner of the page, select the region where the assets to be protected are located: Chinese Mainland or Outside Chinese Mainland.
The Agent Overview page is divided into the following functional areas:
Relationship graph: Located in the center of the page, it visually displays the connections between Agents and their associated assets (such as models, tools, and knowledge bases) along with statistical counts.
Connected platforms: Located in the upper-right corner of the page, it shows the integrated Agent platforms (such as OpenClaw, Alibaba Cloud Model Studio, and PAI) and the synchronized asset entry. For more information, see Connect to Agent Security Center.
Pending risks: Located in the lower-right area of the page, it centrally lists all pending risk items, including risk level, risk name, associated Agent, and risk source. For more information, see Agent threats.
Security products: Located on the right side of the page, it shows the activation status of Alibaba Cloud security products under the current account.
Security Center: Security Center is a cloud-native application protection platform (CNAPP) that integrates prevention, detection, response, governance, and visibility. It protects workloads such as hosts, containers, and virtual machines in multi-cloud environments. For more information, see What is Security Center.
WAF: Web Application Firewall (WAF) identifies and blocks malicious traffic patterns for websites or apps to ensure business and data security. For more information, see What is WAF?.
Agent ID Guard: Provides centralized identity authentication and management services, ensuring secure identity verification and access control for Agents.
AI Guardrails: AI Safety Guardrails provides comprehensive input and output protection for large language models and AI Agents, covering content compliance, sensitive data protection, prompt injection attacks, malicious files, malicious URLs, model hallucination, and prompt scraping. It also supports digital watermark embedding for generated content. For more information, see What is Guardrails.
NoteSome AI risks and assets detected by AI Guardrails are synchronized to AI assets and Agent threats.
SASE: Provides integrated office security capabilities including zero-trust internal network access, data leak prevention, internet behavior management and auditing, and office access acceleration.
NoteAssets and security risks detected by SASE are synchronized to AI assets and Agent threats.
View relationship graph
The relationship graph visually displays the connections between all Agents and their associated assets under the current account, enabling quick understanding of architecture dependencies and security risk distribution. The center of the graph shows the total number of connected Agents, while surrounding nodes display the counts and risk distribution of various associated assets:
The risk count on each module node represents the number of risks associated with that module. The total risk count is the sum of all individual risk items and may exceed the number of affected assets.
Module | Description | Supported operations |
AGENTS | Intelligent entities with autonomous decision-making and tool invocation capabilities. Displays the total number of connected Agents. | Click the AGENTS icon to go to the Agent Details page, where you can view the Agent list and information such as the relationship graph and pending risks for individual Agents. |
Internet | Network access entry points, such as public URLs and domain names through which an Agent exposes services. | None |
Identity | Assets related to identity and credentials, such as API keys and access credentials. | None |
Skills | Pre-configured independent capability combinations that an Agent can invoke. Each skill contains specific tools, resources, and permissions. In the relationship graph, skills appear as independent resource nodes. | Click the Skills icon to go to the Skills List page, which displays the list of all skills associated with Agents under the current account, including skill names and risk counts. |
Model | Core AI algorithm files or model services hosted by cloud providers. | Click the Model icon to go to the Model List page, which displays all AI models connected under the current account. |
Agent infrastructure | Knowledge base | Knowledge base assets, such as Retrieval-Augmented Generation (RAG) resources. |
Training dataset | Datasets used for AI model training. | |
Tool | Specific functional interfaces or script plugins that an Agent can invoke. | |
Storage | Storage-related assets, such as Object Storage Service (OSS) and File Storage NAS. | |
Database | Database-related assets, such as ApsaraDB RDS, Redis, and MongoDB. |
View Agent list
The Agent list displays all connected Agent asset information, including Agent name, platform, operating environment, and node count. It supports two viewing modes: Visual Analytics and List.
In the relationship graph area on the Agent Overview page, click the AGENTS icon in the center to go to the Agent Details page.
Two viewing modes are available:
Visual Analytics mode: This is the default mode. The left side shows the Agent list, the center displays the relationship graph, and the right side shows the pending risks list.
Agent List: Click
to expand the filter conditions. You can filter by Platform, Risk, or Agent name.Relationship graph: Displays the relationship graph of the currently selected Agent in a visual format for intuitive viewing of Agent associations.
View module information: Click the corresponding module icon in the graph to view its associated details. For example, click Skills to view the list of skills associated with the current Agent (including skill names and risk counts) in the center area of the graph, while the right-side pending risks panel filters to show only skill-related risks.
View activated security products: Shows the Alibaba Cloud security products that the current Agent has connected to (a non-gray icon indicates the product is activated). Click the corresponding icon (such as WAF or AI Guardrails) to navigate to the corresponding product platform.
NoteAI Red Teaming is a limited-time service provided by the Agent Security of Security Center. For configuration instructions, see Agent threats.
Pending Risks: Pending risks detected for the current Agent. Click a risk name to view its details and the Recommended Actions. For more information, see Agent threats.
List mode: In the upper-right corner of the page, click the List button to switch to the list view.
Field
Description
Agent Name
The display name of the Agent. Click the name to view the associated Agent Threat, Security Protection (activated Alibaba Cloud security protection products), Agent Node, Infrastructure (deployment location), and more.
Platform
The platform to which the Agent belongs, such as OpenClaw, PAI, or Agent Run.
Running Environment
The operating environment information of the Agent, such as IP address or instance identifier.
Agent Node
The number of associated Model, Tools, Identity, Knowledge Base, and Skills, along with the number of detected risks, in the format "risks/total".
Security Protection
: The installation and running status of the Security Center agent. When running normally, the icon appears as
.
: The installation status of the runtime defense plugin for the Agent. Click the icon to automatically install the security plugin. After successful installation, the icon appears as
.NoteCurrently, only OpenClaw is supported. For more information, see Agent threats.
View model list
The model list displays all AI models connected under the current account, including basic model information, connection status, and security detection results. It is applicable to scenarios such as security auditing, asset inventory, and risk troubleshooting.
In the relationship graph area on the Agent Overview page, click the Model icon to go to the model list page.
In the left-side All Model area, click a model name to view its details, including connection status, security detection results, and associated Agents.
Field
Description
Provider
The vendor or platform that provides the model service, such as Alibaba Cloud Model Studio or Tongyi Lab.
URL
The API address used to access the model.
Agent Name
The list of Agents that use this model. Click an Agent name to view its associated Agent Threat, Security Protection (activated Alibaba Cloud security protection products), Agent Node, Infrastructure (deployment location), and more.
View skill list
The skill list displays all connected skills under the current account. It is applicable to scenarios such as security auditing, asset inventory, and risk troubleshooting.
In the relationship graph area on the Agent Overview page, click the Skills icon to go to the skill list page.
In the left-side All Skills area, click a skill name to view the list of Agents that use this skill.
Field
Description
Agent Name
Click the Agent name to view its associated Agent Threat, Security Protection (activated Alibaba Cloud security protection products), Agent Node, Infrastructure (deployment location), and more.
Risks
Click the risk count to view the risks associated with this skill. The following Skill risk types can be detected:
Supports in-depth detection of skill configuration health, identifying insecure configurations such as over-authorization and credential exposure.
Supports AI-related baseline risk detection (such as Alibaba Cloud Standard - OpenClaw Security Baseline) and associates with the baseline of the Cloud Security Posture Management (CSPM) system for unified security baseline management.
NoteFor more information, see Agent threats.
URL
The API address used to access the skill.