c16
c16 / wf3.m1 - Agent Control Plane — hi-fi (wf3.m1) / Compliance

Compliance · Frameworks

OWASP LLM Top 10 carries the most open mapped findings — 5 of 6

4 control frameworks are instrumented from observed behavior, covering 6 of 7 findings. 2 high-severity findings reveal control gaps — a finding flags a gap, it is not itself a failed control. Heaviest load: OWASP LLM Top 10 at 5 open mapped findings.

Frameworks auto-map from findings.framework; the pass/fail judgement stays the auditor's.

Frameworks covered

4/ 7

instrumented · 3 projected (ghosted)

Controls with findings

4families touched

6 of 7 findings mapped

High-severity mapped

2control gaps

reveal a control gap

Evidence-ready

83%

findings from instrumented agents

How to read this

A high finding reveals a control gap — it is not itself a failed control. Each finding is observed behavior auto-mapped to the control families it touches; the pass/fail judgement is the auditor's, made against this evidence trail. Framework tags are derived from each finding's framework string.

Instrumented control families

4 families · 6 of 7 findings mapped

Blind spot: some evidence for this family comes from ungoverned or shadow agents — treat conformance here as unverified until those agents are instrumented and policy-bound.

Why these findings map here — 5 findings

Approvals & sandbox bypassed (--yolo) ungoverned agent

high

marketing-gpt runs with approvals and sandbox disabled — it can take any action without a human gate.

Why-trail

  1. agent · marketing-gpt · ungoverned
  2. behavior · Approvals & sandbox bypassed (--yolo)
  3. mapped via · OWASP LLM06 Excessive Agency · OWASP Agentic · Insecure tool use

Remediation: Require an approval policy; disable --yolo; run sandboxed.

open agent profile →

Agent running as root ungoverned agent

high

marketing-gpt and support-copilot execute as root — a compromised prompt inherits full host privilege.

Why-trail

  1. agent · marketing-gpt · ungoverned
  2. behavior · Agent running as root
  3. mapped via · MITRE ATLAS · Privilege Escalation · OWASP LLM06

Remediation: Drop privileges; run under a dedicated low-privilege service account.

open agent profile →

Static API key on consumer-aliased identity ungoverned agent

medium

Codex CLI authenticates with a long-lived API key bound to a duck.com alias, not an org-backed identity.

Why-trail

  1. agent · Codex CLI · ungoverned
  2. behavior · Static API key on consumer-aliased identity
  3. mapped via · MITRE ATLAS · Credential Access · OWASP LLM (Non-Human Identity)

Remediation: Move to org-backed OAuth; rotate the static key; join the alias to your IdP.

open agent profile →

Sensitive files read into agent context

medium

Claude Code read ./.env and ~/.aws/credentials into its working context.

Why-trail

  1. agent · Claude Code · governed
  2. behavior · Sensitive files read into agent context
  3. mapped via · OWASP LLM02 Sensitive Information Disclosure · NIST AI RMF · MEASURE

Remediation: Scope retrieval; add a deny rule for credential paths; enable content inspection.

open agent profile →

Unbounded token consumption — no spend ceiling

medium

data-pipeline-agent consumed 9.2M tokens with no per-agent ceiling configured.

Why-trail

  1. agent · data-pipeline-agent · governed
  2. behavior · Unbounded token consumption — no spend ceiling
  3. mapped via · OWASP LLM10 Unbounded Consumption · NIST AI RMF · MANAGE

Remediation: Set a per-agent spend ceiling and alert; review batch sizing.

open agent profile →

Blind spot: some evidence for this family comes from ungoverned or shadow agents — treat conformance here as unverified until those agents are instrumented and policy-bound.

Blind spot: some evidence for this family comes from ungoverned or shadow agents — treat conformance here as unverified until those agents are instrumented and policy-bound.

Blind spot: some evidence for this family comes from ungoverned or shadow agents — treat conformance here as unverified until those agents are instrumented and policy-bound.

Projected frameworks

contributing evidence · not a conformity claim

ISO 42001

roadmap

AI management system

Contributing evidence

  • · 8 agents inventoried
  • · 52.4k events logged
  • · 7 of 8 instrumented

EU AI Act

roadmap

Art. 12 — record-keeping

Contributing evidence

  • · 52.4k events logged
  • · 61 sessions traced
  • · 7 findings recorded

SOC 2

roadmap

CC7.2 — monitoring

Contributing evidence

  • · 7 agents under telemetry
  • · 52.4k events logged
  • · 2 high findings raised

Evidence export

52.4k events · 7 findings · 8 agents

Export the mapped findings and their why-trails as an evidence pack for an auditor or GRC system. Generation is a preview — the prototype does not produce a real file.

Do next

Fields: findings.framework (derived mapping) · findings.severity · findings.remediation · findings.entity_idagents.governed/instrumented · stats.events — from app/data/c16-fleet.ts (qcontrol /api shape).