Compliance · Frameworks
What the fleet's behavior means for the controls you answer for.
Each behavioral finding auto-maps to the control families it touches — the evidence path an auditor follows, not a green checkmark.
Bottom line
4 control frameworks instrumented; 2 high-severity findings reveal control gaps (a finding flags a gap — it is not itself a failed control). 4 mapped findings come from ungoverned agents, where control interpretation differs. 0 frameworks rest only on shadow-agent evidence — blind spots. Contributing evidence, not a conformance claim.
how to read this
A high finding reveals a control gap — it is not itself a failed control. Each finding is observed behavior mapped to the control families it bears on; the control's pass/fail judgement is the auditor's, made against this evidence.
4
frameworks instrumented
auto-mapped from behavior
2
high findings → controls
reveal a control gap
4
mapped from ungoverned
outside the boundary
0
evidence-gap frameworks
shadow-only = blind spot
Instrumented control families
4 families · 6 of 7 findings mappedApprovals & sandbox bypassed (--yolo) ungoverned agent
highmarketing-gpt runs with approvals and sandbox disabled — it can take any action without a human gate.
Control interpretation differs: this behavior occurred outside the governance boundary, so the finding is evidence of exposure, not of an enforced-then-bypassed control.
why-trail
- agent · marketing-gpt · ungoverned
- title · Approvals & sandbox bypassed (--yolo)
- detail · marketing-gpt runs with approvals and sandbox disabled — it can take any action without a human gate.
Remediation: Require an approval policy; disable --yolo; run sandboxed.
mapped via: OWASP LLM06 Excessive Agency · OWASP Agentic · Insecure tool use
open agent profile →Agent running as root ungoverned agent
highmarketing-gpt and support-copilot execute as root — a compromised prompt inherits full host privilege.
Control interpretation differs: this behavior occurred outside the governance boundary, so the finding is evidence of exposure, not of an enforced-then-bypassed control.
why-trail
- agent · marketing-gpt · ungoverned
- title · Agent running as root
- detail · marketing-gpt and support-copilot execute as root — a compromised prompt inherits full host privilege.
Remediation: Drop privileges; run under a dedicated low-privilege service account.
mapped via: MITRE ATLAS · Privilege Escalation · OWASP LLM06
open agent profile →Static API key on consumer-aliased identity ungoverned agent
mediumCodex CLI authenticates with a long-lived API key bound to a duck.com alias, not an org-backed identity.
Control interpretation differs: this behavior occurred outside the governance boundary, so the finding is evidence of exposure, not of an enforced-then-bypassed control.
why-trail
- agent · Codex CLI · ungoverned
- title · Static API key on consumer-aliased identity
- detail · Codex CLI authenticates with a long-lived API key bound to a duck.com alias, not an org-backed identity.
Remediation: Move to org-backed OAuth; rotate the static key; join the alias to your IdP.
mapped via: MITRE ATLAS · Credential Access · OWASP LLM (Non-Human Identity)
open agent profile →Sensitive files read into agent context
mediumClaude Code read ./.env and ~/.aws/credentials into its working context.
why-trail
- agent · Claude Code · governed
- title · Sensitive files read into agent context
- detail · Claude Code read ./.env and ~/.aws/credentials into its working context.
Remediation: Scope retrieval; add a deny rule for credential paths; enable content inspection.
mapped via: OWASP LLM02 Sensitive Information Disclosure · NIST AI RMF · MEASURE
open agent profile →Unbounded token consumption — no spend ceiling
mediumdata-pipeline-agent consumed 9.2M tokens with no per-agent ceiling configured.
why-trail
- agent · data-pipeline-agent · governed
- title · Unbounded token consumption — no spend ceiling
- detail · data-pipeline-agent consumed 9.2M tokens with no per-agent ceiling configured.
Remediation: Set a per-agent spend ceiling and alert; review batch sizing.
mapped via: OWASP LLM10 Unbounded Consumption · NIST AI RMF · MANAGE
open agent profile →Projected frameworks
contributing evidence; not a conformity claimISO 42001
AI management system
contributing evidence
- · 8 agents inventoried
- · 52.4k events logged
- · 7 of 8 instrumented
not a conformity claim
EU AI Act
Art. 12 — record-keeping
contributing evidence
- · 52.4k events logged
- · 61 sessions traced
- · 7 findings recorded
not a conformity claim
SOC 2
CC7.2 — monitoring
contributing evidence
- · 7 agents under telemetry
- · 52.4k events logged
- · 2 high findings raised
not a conformity claim
Evidence export
52.4k events · 7 findings · 8 agentsExport the mapped findings and their why-trails as an evidence pack for an auditor or GRC system. Generation is a preview — the wireframe does not produce a real file.
Fields: findings.framework · findings.severity · findings.remediation · findings.agent · findings.entity_id ⋈ agents.governed/instrumented · stats.events — from app/data/c16-fleet.ts (qcontrol /api shape).