Compliance · Frameworks
What the fleet's behavior means for the controls you answer for.
Each behavioral finding auto-maps to the control families it touches — the evidence path an auditor follows, not a green checkmark.
Bottom line
4 control frameworks instrumented (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, OWASP Agentic). 2 high-severity findings map to controls. This is contributing evidence — not a conformance claim.
4
frameworks instrumented
auto-mapped from behavior
2
high findings → controls
map to a control family
6
findings mapped
7 total
3
projected frameworks
evidence only
Instrumented control families
4 families · 6 of 7 findings mappedApprovals & sandbox bypassed (--yolo)
highmarketing-gpt runs with approvals and sandbox disabled — it can take any action without a human gate.
why-trail
- agent · marketing-gpt
- title · Approvals & sandbox bypassed (--yolo)
- detail · marketing-gpt runs with approvals and sandbox disabled — it can take any action without a human gate.
Remediation: Require an approval policy; disable --yolo; run sandboxed.
mapped via: OWASP LLM06 Excessive Agency · OWASP Agentic · Insecure tool use
open agent profile →Agent running as root
highmarketing-gpt and support-copilot execute as root — a compromised prompt inherits full host privilege.
why-trail
- agent · marketing-gpt
- title · Agent running as root
- detail · marketing-gpt and support-copilot execute as root — a compromised prompt inherits full host privilege.
Remediation: Drop privileges; run under a dedicated low-privilege service account.
mapped via: MITRE ATLAS · Privilege Escalation · OWASP LLM06
open agent profile →Static API key on consumer-aliased identity
mediumCodex CLI authenticates with a long-lived API key bound to a duck.com alias, not an org-backed identity.
why-trail
- agent · Codex CLI
- title · Static API key on consumer-aliased identity
- detail · Codex CLI authenticates with a long-lived API key bound to a duck.com alias, not an org-backed identity.
Remediation: Move to org-backed OAuth; rotate the static key; join the alias to your IdP.
mapped via: MITRE ATLAS · Credential Access · OWASP LLM (Non-Human Identity)
open agent profile →Sensitive files read into agent context
mediumClaude Code read ./.env and ~/.aws/credentials into its working context.
why-trail
- agent · Claude Code
- title · Sensitive files read into agent context
- detail · Claude Code read ./.env and ~/.aws/credentials into its working context.
Remediation: Scope retrieval; add a deny rule for credential paths; enable content inspection.
mapped via: OWASP LLM02 Sensitive Information Disclosure · NIST AI RMF · MEASURE
open agent profile →Unbounded token consumption — no spend ceiling
mediumdata-pipeline-agent consumed 9.2M tokens with no per-agent ceiling configured.
why-trail
- agent · data-pipeline-agent
- title · Unbounded token consumption — no spend ceiling
- detail · data-pipeline-agent consumed 9.2M tokens with no per-agent ceiling configured.
Remediation: Set a per-agent spend ceiling and alert; review batch sizing.
mapped via: OWASP LLM10 Unbounded Consumption · NIST AI RMF · MANAGE
open agent profile →Projected frameworks
contributing evidence; not a conformity claimISO 42001
AI management system
contributing evidence
- · 8 agents inventoried
- · 52.4k events logged
- · 7 of 8 instrumented
not a conformity claim
EU AI Act
Art. 12 — record-keeping
contributing evidence
- · 52.4k events logged
- · 61 sessions traced
- · 7 findings recorded
not a conformity claim
SOC 2
CC7.2 — monitoring
contributing evidence
- · 7 agents under telemetry
- · 52.4k events logged
- · 2 high findings raised
not a conformity claim
Evidence export
52.4k events · 7 findings · 8 agentsExport the mapped findings and their why-trails as an evidence pack for an auditor or GRC system. Generation is a preview — the wireframe does not produce a real file.
Fields: findings.framework · findings.severity · findings.remediation · findings.agent · stats.events · agents.length — from app/data/c16-fleet.ts (qcontrol /api shape).