Security

Corporate & InfrastructurePhase 3

Lead: Security Orchestrator Agent

7 agents7 planned

Linear: HB-SECU

28 permissions (4 write)Parallelization+ Routing

Architecture Pattern

Security agents monitor multiple threat vectors in parallel. Incoming security events are routed by type (access, network, data, permissions) to specialized handlers.

Evaluation

4 metrics defined

Error Handling

3 scenarios covered

Self-Improvement

3 human checkpoints

Phase 3: Scale & Polish

Scale & Polish. Security automation agents monitor threats and audit code. Core security practices cover Phase 1-2; agents scale monitoring in Phase 3.

Tools

Back Office APILinear

Goals

Protect platformDDoS preventionPenetration testingManage back office permissionsTriage agent go-live requests

Agent Sizing Rationale

7 agents: 1 orchestrator + 3 security specialists (odd for vulnerability severity voting) + 1 operations + 2 permissions management. Vulnerability assessments use 3-agent consensus.

Security Assessment (3-agent panel)

AgentDescriptionComplexityRolesStatusActions

Application Security AgentPerforms code scanning, dependency audits, and OWASP compliance checks.medium

monitoranalystguardian

Infrastructure Security AgentManages firewalls, DDoS protection, network segmentation, and access controls.medium

guardian

Penetration Testing AgentRuns automated penetration tests and red team exercises against the platform.medium

executor

Security Operations

AgentDescriptionComplexityRolesStatusActions

Incident Response AgentManages security incidents, coordinates response, and performs post-mortems.medium

guardian

Security Orchestrator AgentCoordinates all security operations, manages vulnerability backlog, and reports risk posture.complex

orchestratoranalystguardian

Permissions & Access Control

AgentDescriptionComplexityRolesStatusActions

Permissions Manager AgentControls back office permission grants for all agents. Manages read/write access to each back office module (Analysis, Record, Users, System, Games, Finance, Operations, Settings, etc.). Handles access request workflows — when an agent needs elevated permissions, this agent triages the request, validates the scope, and grants or escalates. Also manages agent go-live approvals: when a new agent is ready to move from 'planned' to 'active', this agent reviews its permission requirements, runs a security check, and approves or flags for human review.medium

analystroutergenerator

Access Audit AgentContinuously audits which agents have which back office permissions. Detects permission drift, unused elevated access, and over-provisioned agents. Generates weekly access reports and flags anomalies. Works with Permissions Manager to enforce least-privilege principle across all 22 departments.medium

monitoranalystgenerator

Agents Used From Other Departments

These agents from other departments feed data into or are called by this department's agents.

DevOps & InfrastructureExternal

Infrastructure AgentDevOps Orchestrator Agent

Infrastructure configuration is the primary attack surface to monitor.

Risk & FraudExternal

Fraud Pattern Agent

Fraud patterns may indicate security breaches or compromised accounts.

Compliance & LegalExternal

Regulatory Agent

Security standards must meet regulatory requirements for licensed jurisdictions.

Player Intelligence & DataExternal

Data Pipeline Agent

Security incidents involving player data breaches require coordination with Player Intelligence for impact assessment and notification.

Customer SupportExternal

CS Orchestrator AgentEscalation Agent

Account takeover incidents and security-related player complaints surface through Customer Support and require Security investigation.