← c16c16 / wf3 - Agent Control Plane — seat-lensed (wf3) / Compliance·control-plane-v1-v1 · 2026-06-03 · draft
Qpoint
QP
Compliance & Frameworksagent-as-actor · findings mapped to control frameworks

Compliance · Frameworks

What the fleet's behavior means for the controls you answer for.

Each behavioral finding auto-maps to the control families it touches — the evidence path an auditor follows, not a green checkmark.

Bottom line

4 control frameworks instrumented; 2 high-severity findings reveal control gaps (a finding flags a gap — it is not itself a failed control). 4 mapped findings come from ungoverned agents, where control interpretation differs. 0 frameworks rest only on shadow-agent evidence — blind spots. Contributing evidence, not a conformance claim.

Do nextExport evidence (JSON/CSV)Review 2 high findings

how to read this

A high finding reveals a control gap — it is not itself a failed control. Each finding is observed behavior mapped to the control families it bears on; the control's pass/fail judgement is the auditor's, made against this evidence.

4

frameworks instrumented

auto-mapped from behavior

2

high findings → controls

reveal a control gap

4

mapped from ungoverned

outside the boundary

0

evidence-gap frameworks

shadow-only = blind spot

Instrumented control families

4 families · 6 of 7 findings mapped

Approvals & sandbox bypassed (--yolo) ungoverned agent

high

marketing-gpt runs with approvals and sandbox disabled — it can take any action without a human gate.

Control interpretation differs: this behavior occurred outside the governance boundary, so the finding is evidence of exposure, not of an enforced-then-bypassed control.

why-trail

  1. agent · marketing-gpt · ungoverned
  2. title · Approvals & sandbox bypassed (--yolo)
  3. detail · marketing-gpt runs with approvals and sandbox disabled — it can take any action without a human gate.

Remediation: Require an approval policy; disable --yolo; run sandboxed.

mapped via: OWASP LLM06 Excessive Agency · OWASP Agentic · Insecure tool use

open agent profile →

Agent running as root ungoverned agent

high

marketing-gpt and support-copilot execute as root — a compromised prompt inherits full host privilege.

Control interpretation differs: this behavior occurred outside the governance boundary, so the finding is evidence of exposure, not of an enforced-then-bypassed control.

why-trail

  1. agent · marketing-gpt · ungoverned
  2. title · Agent running as root
  3. detail · marketing-gpt and support-copilot execute as root — a compromised prompt inherits full host privilege.

Remediation: Drop privileges; run under a dedicated low-privilege service account.

mapped via: MITRE ATLAS · Privilege Escalation · OWASP LLM06

open agent profile →

Static API key on consumer-aliased identity ungoverned agent

medium

Codex CLI authenticates with a long-lived API key bound to a duck.com alias, not an org-backed identity.

Control interpretation differs: this behavior occurred outside the governance boundary, so the finding is evidence of exposure, not of an enforced-then-bypassed control.

why-trail

  1. agent · Codex CLI · ungoverned
  2. title · Static API key on consumer-aliased identity
  3. detail · Codex CLI authenticates with a long-lived API key bound to a duck.com alias, not an org-backed identity.

Remediation: Move to org-backed OAuth; rotate the static key; join the alias to your IdP.

mapped via: MITRE ATLAS · Credential Access · OWASP LLM (Non-Human Identity)

open agent profile →

Sensitive files read into agent context

medium

Claude Code read ./.env and ~/.aws/credentials into its working context.

why-trail

  1. agent · Claude Code · governed
  2. title · Sensitive files read into agent context
  3. detail · Claude Code read ./.env and ~/.aws/credentials into its working context.

Remediation: Scope retrieval; add a deny rule for credential paths; enable content inspection.

mapped via: OWASP LLM02 Sensitive Information Disclosure · NIST AI RMF · MEASURE

open agent profile →

Unbounded token consumption — no spend ceiling

medium

data-pipeline-agent consumed 9.2M tokens with no per-agent ceiling configured.

why-trail

  1. agent · data-pipeline-agent · governed
  2. title · Unbounded token consumption — no spend ceiling
  3. detail · data-pipeline-agent consumed 9.2M tokens with no per-agent ceiling configured.

Remediation: Set a per-agent spend ceiling and alert; review batch sizing.

mapped via: OWASP LLM10 Unbounded Consumption · NIST AI RMF · MANAGE

open agent profile →

Projected frameworks

contributing evidence; not a conformity claim

ISO 42001

AI management system

contributing evidence

  • · 8 agents inventoried
  • · 52.4k events logged
  • · 7 of 8 instrumented

not a conformity claim

EU AI Act

Art. 12 — record-keeping

contributing evidence

  • · 52.4k events logged
  • · 61 sessions traced
  • · 7 findings recorded

not a conformity claim

SOC 2

CC7.2 — monitoring

contributing evidence

  • · 7 agents under telemetry
  • · 52.4k events logged
  • · 2 high findings raised

not a conformity claim

Evidence export

52.4k events · 7 findings · 8 agents

Export the mapped findings and their why-trails as an evidence pack for an auditor or GRC system. Generation is a preview — the wireframe does not produce a real file.

Fields: findings.framework · findings.severity · findings.remediation · findings.agent · findings.entity_id ⋈ agents.governed/instrumented · stats.events — from app/data/c16-fleet.ts (qcontrol /api shape).