https://specdd.ai/how-to/security-and-risk/Spec-driven development security and risk guides for agent authority, security constraints, forbidden dependencies, authentication, privacy, secrets, audit logging, and review.Hugoen-ushttps://specdd.ai/how-to/security-and-risk/how-to-use-specdd-to-limit-agent-risk/https://specdd.ai/how-to/security-and-risk/how-to-use-specdd-to-limit-agent-risk/Limit AI coding agent risk with spec-driven development by defining write authority, readable context, Must not rules, Forbids entries, review gates, and verification evidence.https://specdd.ai/how-to/security-and-risk/how-to-write-security-constraints-in-specs/https://specdd.ai/how-to/security-and-risk/how-to-write-security-constraints-in-specs/Write security constraints in SpecDD specs for spec-driven development using Must, Must not, Forbids, ownership, interface contracts, scenarios, and Done when evidence.https://specdd.ai/how-to/security-and-risk/how-to-prevent-agents-from-adding-forbidden-dependencies/https://specdd.ai/how-to/security-and-risk/how-to-prevent-agents-from-adding-forbidden-dependencies/Prevent AI agents from adding forbidden dependencies with spec-driven development Forbids entries, dependency direction rules, static checks, review gates, and focused prompts.https://specdd.ai/how-to/security-and-risk/how-to-spec-authentication-boundaries/https://specdd.ai/how-to/security-and-risk/how-to-spec-authentication-boundaries/Specify authentication boundaries with spec-driven development by naming the identity owner, trusted inputs, failure behavior, bypass rules, dependencies, scenarios, and checks.https://specdd.ai/how-to/security-and-risk/how-to-spec-data-privacy-requirements/https://specdd.ai/how-to/security-and-risk/how-to-spec-data-privacy-requirements/Specify data privacy requirements with spec-driven development by documenting protected data, access rules, retention, redaction, deletion, logging limits, scenarios, and verification.https://specdd.ai/how-to/security-and-risk/how-to-review-security-sensitive-changes-with-specdd/https://specdd.ai/how-to/security-and-risk/how-to-review-security-sensitive-changes-with-specdd/Review security-sensitive changes with spec-driven development by checking governing specs, write authority, Must not and Forbids rules, risk, tests, logs, secrets, and audit evidence.https://specdd.ai/how-to/security-and-risk/how-to-use-specdd-for-risk-classification/https://specdd.ai/how-to/security-and-risk/how-to-use-specdd-for-risk-classification/Use spec-driven development for change risk classification by checking authority, constraints, security surfaces, data impact, dependencies, verification, and review needs.https://specdd.ai/how-to/security-and-risk/how-to-create-a-secure-coding-bootstrap-file/https://specdd.ai/how-to/security-and-risk/how-to-create-a-secure-coding-bootstrap-file/Create secure coding bootstrap rules for spec-driven development in .specdd/bootstrap.project.md with shared security review expectations, commands, dependency policy, secrets rules, and risk gates.https://specdd.ai/how-to/security-and-risk/how-to-spec-secrets-handling/https://specdd.ai/how-to/security-and-risk/how-to-spec-secrets-handling/Specify secrets handling with spec-driven development by documenting secret loading, storage, passing, rotation expectations, logging rules, forbidden access, and verification.https://specdd.ai/how-to/security-and-risk/how-to-spec-audit-logging/https://specdd.ai/how-to/security-and-risk/how-to-spec-audit-logging/Specify audit logging with spec-driven development by naming security-sensitive events, required fields, forbidden sensitive data, failure handling, scenarios, and verification evidence.https://specdd.ai/how-to/security-and-risk/how-to-spec-rate-limiting-and-abuse-prevention/https://specdd.ai/how-to/security-and-risk/how-to-spec-rate-limiting-and-abuse-prevention/Specify rate limiting and abuse prevention with spec-driven development by defining enforcement points, limit keys, responses, bypass rules, observability, scenarios, and tests.https://specdd.ai/how-to/security-and-risk/how-to-spec-payment-or-billing-safety-rules/https://specdd.ai/how-to/security-and-risk/how-to-spec-payment-or-billing-safety-rules/Specify payment and billing safety rules with spec-driven development for authorization, idempotency, double-charge prevention, refunds, rollback behavior, audit logs, and review.https://specdd.ai/how-to/security-and-risk/how-to-prevent-agents-from-weakening-security-checks/https://specdd.ai/how-to/security-and-risk/how-to-prevent-agents-from-weakening-security-checks/Prevent agents from weakening security checks with spec-driven development guardrails for validation, authorization, secrets, dependency boundaries, CI gates, and review evidence.