Compliance · Frameworks
OWASP LLM Top 10 carries the most open mapped findings — 5 of 6
4 control frameworks are instrumented from observed behavior, covering 6 of 7 findings. 2 high-severity findings reveal control gaps — a finding flags a gap, it is not itself a failed control. Heaviest load: OWASP LLM Top 10 at 5 open mapped findings.
Frameworks auto-map from findings.framework; the pass/fail judgement stays the auditor's.
Frameworks covered
instrumented · 3 projected (ghosted)
Controls with findings
6 of 7 findings mapped
High-severity mapped
reveal a control gap
Evidence-ready
findings from instrumented agents
How to read this
A high finding reveals a control gap — it is not itself a failed control. Each finding is observed behavior auto-mapped to the control families it touches; the pass/fail judgement is the auditor's, made against this evidence trail. Framework tags are derived from each finding's framework string.
Instrumented control families
4 families · 6 of 7 findings mappedBlind spot: some evidence for this family comes from ungoverned or shadow agents — treat conformance here as unverified until those agents are instrumented and policy-bound.
Why these findings map here — 5 findings
Approvals & sandbox bypassed (--yolo) ungoverned agent
highmarketing-gpt runs with approvals and sandbox disabled — it can take any action without a human gate.
Why-trail
- agent · marketing-gpt · ungoverned
- behavior · Approvals & sandbox bypassed (--yolo)
- mapped via · OWASP LLM06 Excessive Agency · OWASP Agentic · Insecure tool use
Remediation: Require an approval policy; disable --yolo; run sandboxed.
open agent profile →Agent running as root ungoverned agent
highmarketing-gpt and support-copilot execute as root — a compromised prompt inherits full host privilege.
Why-trail
- agent · marketing-gpt · ungoverned
- behavior · Agent running as root
- mapped via · MITRE ATLAS · Privilege Escalation · OWASP LLM06
Remediation: Drop privileges; run under a dedicated low-privilege service account.
open agent profile →Static API key on consumer-aliased identity ungoverned agent
mediumCodex CLI authenticates with a long-lived API key bound to a duck.com alias, not an org-backed identity.
Why-trail
- agent · Codex CLI · ungoverned
- behavior · Static API key on consumer-aliased identity
- mapped via · MITRE ATLAS · Credential Access · OWASP LLM (Non-Human Identity)
Remediation: Move to org-backed OAuth; rotate the static key; join the alias to your IdP.
open agent profile →Sensitive files read into agent context
mediumClaude Code read ./.env and ~/.aws/credentials into its working context.
Why-trail
- agent · Claude Code · governed
- behavior · Sensitive files read into agent context
- mapped via · OWASP LLM02 Sensitive Information Disclosure · NIST AI RMF · MEASURE
Remediation: Scope retrieval; add a deny rule for credential paths; enable content inspection.
open agent profile →Unbounded token consumption — no spend ceiling
mediumdata-pipeline-agent consumed 9.2M tokens with no per-agent ceiling configured.
Why-trail
- agent · data-pipeline-agent · governed
- behavior · Unbounded token consumption — no spend ceiling
- mapped via · OWASP LLM10 Unbounded Consumption · NIST AI RMF · MANAGE
Remediation: Set a per-agent spend ceiling and alert; review batch sizing.
open agent profile →Blind spot: some evidence for this family comes from ungoverned or shadow agents — treat conformance here as unverified until those agents are instrumented and policy-bound.
Blind spot: some evidence for this family comes from ungoverned or shadow agents — treat conformance here as unverified until those agents are instrumented and policy-bound.
Blind spot: some evidence for this family comes from ungoverned or shadow agents — treat conformance here as unverified until those agents are instrumented and policy-bound.
Projected frameworks
contributing evidence · not a conformity claimISO 42001
roadmapAI management system
Contributing evidence
- · 8 agents inventoried
- · 52.4k events logged
- · 7 of 8 instrumented
EU AI Act
roadmapArt. 12 — record-keeping
Contributing evidence
- · 52.4k events logged
- · 61 sessions traced
- · 7 findings recorded
SOC 2
roadmapCC7.2 — monitoring
Contributing evidence
- · 7 agents under telemetry
- · 52.4k events logged
- · 2 high findings raised
Evidence export
52.4k events · 7 findings · 8 agentsExport the mapped findings and their why-trails as an evidence pack for an auditor or GRC system. Generation is a preview — the prototype does not produce a real file.
Do next
Fields: findings.framework (derived mapping) · findings.severity · findings.remediation · findings.entity_id ⋈ agents.governed/instrumented · stats.events — from app/data/c16-fleet.ts (qcontrol /api shape).