Agentic AI systems—AI tools that take autonomous action on behalf of a human operator across tools, services, and environments—introduce attack surfaces that most current security frameworks do not adequately model. Existing approaches focus primarily on prompt injection at the agent layer while treating the tool, vendor, and state layers as out-of-scope. This paper presents the Four Gates framework: a diagnostic instrument for evaluating the security posture of agentic systems across five threat layers, three primary attack surfaces, five boundary hygiene constraints, and four governance rubric questions. This paper introduces "silent enumeration" as a distinct, named attack surface — the passive mapping of an operator's environment as a side effect of normal agent task completion, prior to and distinct from active exfiltration. This concept does not appear as a named category in current practitioner frameworks including ATFAA, OWASP ASI, and CSA MAESTRO. The framework is applied to the Doctronic clinical AI breach (disclosed March 2026), demonstrating that each gate corresponds to a distinct, independently exploitable failure mode. The Four Gates are proposed as a pre-deployment diagnostic standard and a post-incident forensic instrument for agentic systems operating in regulated and high-stakes environments.
Narnaiezzsshaa Truong (Fri,) studied this question.