| Control ID | Control | Risk ID | Risk |
|---|---|---|---|
| controlAdversarialTrainingAndTesting | Adversarial Training and Testing | riskInferredSensitiveData | Inferred Sensitive Data |
| controlAdversarialTrainingAndTesting | Adversarial Training and Testing | riskInsecureModelOutput | Insecure Model Output |
| controlAdversarialTrainingAndTesting | Adversarial Training and Testing | riskModelEvasion | Model Evasion |
| controlAdversarialTrainingAndTesting | Adversarial Training and Testing | riskPromptInjection | Prompt Injection |
| controlAdversarialTrainingAndTesting | Adversarial Training and Testing | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlAgentCredentialIsolation | Agent Credential Isolation | riskCrossTenantCredentialPropagation | Cross-Tenant Credential Propagation |
| controlAgentCredentialIsolation | Agent Credential Isolation | riskShadowAndUnknownAgents | Shadow and Unknown Agents |
| controlAgentCredentialIsolation | Agent Credential Isolation | riskStaleAgentIdentityBinding | Stale Agent Identity Binding |
| controlAgentExecutionBounds | Agent Execution Bounds | riskEconomicDenialOfWallet | Economic Denial of Wallet |
| controlAgentExecutionBounds | Agent Execution Bounds | riskRunawayAgentToolLoops | Runaway Agent Tool Loops |
| controlAgentIntegrityManagement | Agent Integrity Management | riskAgentDelegationChainOpacity | Agent Delegation Chain Opacity |
| controlAgentIntegrityManagement | Agent Integrity Management | riskShadowAndUnknownAgents | Shadow and Unknown Agents |
| controlAgentIntegrityManagement | Agent Integrity Management | riskStaleAgentIdentityBinding | Stale Agent Identity Binding |
| controlAgentInventoryManagement | Agent Inventory Management | riskAgentDelegationChainOpacity | Agent Delegation Chain Opacity |
| controlAgentInventoryManagement | Agent Inventory Management | riskShadowAndUnknownAgents | Shadow and Unknown Agents |
| controlAgentInventoryManagement | Agent Inventory Management | riskZombieShadowMCPServers | Zombie / Shadow MCP Servers |
| controlAgentObservability | Agent Observability | riskAgentDelegationChainOpacity | Agent Delegation Chain Opacity |
| controlAgentObservability | Agent Observability | riskAgenticDelegationConfusedDeputy | Agentic Delegation Confused Deputy |
| controlAgentObservability | Agent Observability | riskRogueActions | Rogue Actions |
| controlAgentObservability | Agent Observability | riskRunawayAgentToolLoops | Runaway Agent Tool Loops |
| controlAgentObservability | Agent Observability | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlAgentObservability | Agent Observability | riskShadowAndUnknownAgents | Shadow and Unknown Agents |
| controlAgentObservability | Agent Observability | riskToolRegistryTampering | Tool Registry Tampering |
| controlAgentObservability | Agent Observability | riskZombieShadowMCPServers | Zombie / Shadow MCP Servers |
| controlAgentPluginPermissions | Agent Permissions | riskAgenticDelegationConfusedDeputy | Agentic Delegation Confused Deputy |
| controlAgentPluginPermissions | Agent Permissions | riskCrossTenantCredentialPropagation | Cross-Tenant Credential Propagation |
| controlAgentPluginPermissions | Agent Permissions | riskInsecureIntegratedComponent | Insecure Integrated Component |
| controlAgentPluginPermissions | Agent Permissions | riskRogueActions | Rogue Actions |
| controlAgentPluginPermissions | Agent Permissions | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlAgentPluginPermissions | Agent Permissions | riskToolSourceProvenance | Tool Source Provenance |
| controlAgentPluginUserControl | Agent User Control | riskRogueActions | Rogue Actions |
| controlAgentPluginUserControl | Agent User Control | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlApplicationAccessManagement | Application Access and Resource Management | riskDenialOfMLService | Denial of ML Service |
| controlApplicationAccessManagement | Application Access and Resource Management | riskEconomicDenialOfWallet | Economic Denial of Wallet |
| controlApplicationAccessManagement | Application Access and Resource Management | riskModelReverseEngineering | Model Reverse Engineering |
| controlComponentIdentityProvenance | Component Identity Provenance | riskMCPTransportHijacking | MCP Transport Hijacking |
| controlComponentIdentityProvenance | Component Identity Provenance | riskStaleAgentIdentityBinding | Stale Agent Identity Binding |
| controlComponentIdentityProvenance | Component Identity Provenance | riskZombieShadowMCPServers | Zombie / Shadow MCP Servers |
| controlIncidentResponseManagement | Incident Response Management | all | All Risks |
| controlInputValidationAndSanitization | Input Validation and Sanitization | riskInsecureIntegratedComponent | Insecure Integrated Component |
| controlInputValidationAndSanitization | Input Validation and Sanitization | riskMaliciousLoaderDeserialization | Malicious Loader/Deserialization |
| controlInputValidationAndSanitization | Input Validation and Sanitization | riskPromptInjection | Prompt Injection |
| controlInputValidationAndSanitization | Input Validation and Sanitization | riskPromptResponseCachePoisoning | Prompt/Response Cache Poisoning |
| controlInputValidationAndSanitization | Input Validation and Sanitization | riskRetrievalVectorStorePoisoning | Retrieval/Vector Store Poisoning |
| controlInterComponentTransportSecurity | Inter-Component Transport Security | riskInsecureIntegratedComponent | Insecure Integrated Component |
| controlInterComponentTransportSecurity | Inter-Component Transport Security | riskMCPTransportHijacking | MCP Transport Hijacking |
| controlInterComponentTransportSecurity | Inter-Component Transport Security | riskModelDeploymentTampering | Model Deployment Tampering |
| controlInterComponentTransportSecurity | Inter-Component Transport Security | riskOrchestratorRouteHijacking | Orchestrator/Route Hijack |
| controlInterComponentTransportSecurity | Inter-Component Transport Security | riskToolRegistryTampering | Tool Registry Tampering |
| controlInterComponentTransportSecurity | Inter-Component Transport Security | riskZombieShadowMCPServers | Zombie / Shadow MCP Servers |
| controlInternalPoliciesAndEducation | Internal Policies and Education | all | All Risks |
| controlIsolatedConfidentialComputing | Isolated and Confidential Computing | riskAcceleratorAndSystemSideChannels | Accelerator and System Side-channels |
| controlIsolatedConfidentialComputing | Isolated and Confidential Computing | riskCrossTenantCredentialPropagation | Cross-Tenant Credential Propagation |
| controlIsolatedConfidentialComputing | Isolated and Confidential Computing | riskModelDeploymentTampering | Model Deployment Tampering |
| controlIsolatedConfidentialComputing | Isolated and Confidential Computing | riskModelExfiltration | Model Exfiltration |
| controlIsolatedConfidentialComputing | Isolated and Confidential Computing | riskModelSourceTampering | Model Source Tampering |
| controlIsolatedConfidentialComputing | Isolated and Confidential Computing | riskOrchestratorRouteHijacking | Orchestrator/Route Hijack |
| controlModelAndDataAccessControls | Model and Data Access Controls | riskAcceleratorAndSystemSideChannels | Accelerator and System Side-channels |
| controlModelAndDataAccessControls | Model and Data Access Controls | riskAdapterPEFTInjection | Adapter/PEFT Injection |
| controlModelAndDataAccessControls | Model and Data Access Controls | riskDataPoisoning | Data Poisoning |
| controlModelAndDataAccessControls | Model and Data Access Controls | riskMaliciousLoaderDeserialization | Malicious Loader/Deserialization |
| controlModelAndDataAccessControls | Model and Data Access Controls | riskModelExfiltration | Model Exfiltration |
| controlModelAndDataAccessControls | Model and Data Access Controls | riskModelSourceTampering | Model Source Tampering |
| controlModelAndDataAccessControls | Model and Data Access Controls | riskOrchestratorRouteHijacking | Orchestrator/Route Hijack |
| controlModelAndDataAccessControls | Model and Data Access Controls | riskPromptResponseCachePoisoning | Prompt/Response Cache Poisoning |
| controlModelAndDataExecutionIntegrity | Model and Data Execution Integrity | riskAdapterPEFTInjection | Adapter/PEFT Injection |
| controlModelAndDataExecutionIntegrity | Model and Data Execution Integrity | riskInsecureIntegratedComponent | Insecure Integrated Component |
| controlModelAndDataExecutionIntegrity | Model and Data Execution Integrity | riskMaliciousLoaderDeserialization | Malicious Loader/Deserialization |
| controlModelAndDataExecutionIntegrity | Model and Data Execution Integrity | riskModelDeploymentTampering | Model Deployment Tampering |
| controlModelAndDataExecutionIntegrity | Model and Data Execution Integrity | riskModelSourceTampering | Model Source Tampering |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskAdapterPEFTInjection | Adapter/PEFT Injection |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskCovertChannelsInModelOutputs | Covert Channels in Model Outputs |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskDataPoisoning | Data Poisoning |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskEvaluationBenchmarkManipulation | Evaluation/Benchmark Manipulation |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskFederatedDistributedTrainingPrivacy | Federated/Distributed Training Privacy |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskMaliciousLoaderDeserialization | Malicious Loader/Deserialization |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskModelExfiltration | Model Exfiltration |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskModelSourceTampering | Model Source Tampering |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskOrchestratorRouteHijacking | Orchestrator/Route Hijack |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskPromptResponseCachePoisoning | Prompt/Response Cache Poisoning |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskRetrievalVectorStorePoisoning | Retrieval/Vector Store Poisoning |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskStaleAgentIdentityBinding | Stale Agent Identity Binding |
| controlModelAndDataIntegrityManagement | Model and Data Integrity Management | riskToolSourceProvenance | Tool Source Provenance |
| controlModelAndDataInventoryManagement | Model and Data Inventory Management | riskDataPoisoning | Data Poisoning |
| controlModelAndDataInventoryManagement | Model and Data Inventory Management | riskModelExfiltration | Model Exfiltration |
| controlModelAndDataInventoryManagement | Model and Data Inventory Management | riskModelSourceTampering | Model Source Tampering |
| controlModelPrivacyEnhancingTechnologies | Privacy Enhancing Technologies for Model Training | riskFederatedDistributedTrainingPrivacy | Federated/Distributed Training Privacy |
| controlModelPrivacyEnhancingTechnologies | Privacy Enhancing Technologies for Model Training | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlOrchestratorAndRouteIntegrity | Orchestrator and Route Integrity | riskModelDeploymentTampering | Model Deployment Tampering |
| controlOrchestratorAndRouteIntegrity | Orchestrator and Route Integrity | riskOrchestratorRouteHijacking | Orchestrator/Route Hijack |
| controlOrchestratorAndRouteIntegrity | Orchestrator and Route Integrity | riskToolRegistryTampering | Tool Registry Tampering |
| controlOutputValidationAndSanitization | Output Validation and Sanitization | riskCovertChannelsInModelOutputs | Covert Channels in Model Outputs |
| controlOutputValidationAndSanitization | Output Validation and Sanitization | riskInferredSensitiveData | Inferred Sensitive Data |
| controlOutputValidationAndSanitization | Output Validation and Sanitization | riskInsecureModelOutput | Insecure Model Output |
| controlOutputValidationAndSanitization | Output Validation and Sanitization | riskPromptInjection | Prompt Injection |
| controlOutputValidationAndSanitization | Output Validation and Sanitization | riskPromptResponseCachePoisoning | Prompt/Response Cache Poisoning |
| controlOutputValidationAndSanitization | Output Validation and Sanitization | riskRetrievalVectorStorePoisoning | Retrieval/Vector Store Poisoning |
| controlOutputValidationAndSanitization | Output Validation and Sanitization | riskRogueActions | Rogue Actions |
| controlOutputValidationAndSanitization | Output Validation and Sanitization | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlProductGovernance | Product Governance | all | All Risks |
| controlRedTeaming | Red Teaming | all | All Risks |
| controlRetrievalAndVectorSystemIntegrity | Retrieval and Vector System Integrity Management | riskRetrievalVectorStorePoisoning | Retrieval/Vector Store Poisoning |
| controlRiskGovernance | Risk Governance | all | All Risks |
| controlRuntimePrivacyEnhancingTechnologies | Privacy Enhancing Technologies for Inference | riskFederatedDistributedTrainingPrivacy | Federated/Distributed Training Privacy |
| controlRuntimePrivacyEnhancingTechnologies | Privacy Enhancing Technologies for Inference | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskAcceleratorAndSystemSideChannels | Accelerator and System Side-channels |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskAdapterPEFTInjection | Adapter/PEFT Injection |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskAgenticDelegationConfusedDeputy | Agentic Delegation Confused Deputy |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskCrossTenantCredentialPropagation | Cross-Tenant Credential Propagation |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskDataPoisoning | Data Poisoning |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskFederatedDistributedTrainingPrivacy | Federated/Distributed Training Privacy |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskMCPTransportHijacking | MCP Transport Hijacking |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskMaliciousLoaderDeserialization | Malicious Loader/Deserialization |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskModelDeploymentTampering | Model Deployment Tampering |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskModelExfiltration | Model Exfiltration |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskModelSourceTampering | Model Source Tampering |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskOrchestratorRouteHijacking | Orchestrator/Route Hijack |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskShadowAndUnknownAgents | Shadow and Unknown Agents |
| controlSecureByDefaultMLTooling | Secure-by-Default ML Tooling | riskToolSourceProvenance | Tool Source Provenance |
| controlThreatDetection | Threat Detection | all | All Risks |
| controlTrainingDataManagement | Training Data Management | riskExcessiveDataHandling | Excessive Data Handling |
| controlTrainingDataManagement | Training Data Management | riskInferredSensitiveData | Inferred Sensitive Data |
| controlTrainingDataManagement | Training Data Management | riskUnauthorizedTrainingData | Unauthorized Training Data |
| controlTrainingDataSanitization | Training Data Sanitization | riskDataPoisoning | Data Poisoning |
| controlTrainingDataSanitization | Training Data Sanitization | riskRetrievalVectorStorePoisoning | Retrieval/Vector Store Poisoning |
| controlTrainingDataSanitization | Training Data Sanitization | riskUnauthorizedTrainingData | Unauthorized Training Data |
| controlUserDataManagement | User Data Management | riskExcessiveDataHandlingDuringInference | Excessive Data Handling During Inference |
| controlUserDataManagement | User Data Management | riskPromptResponseCachePoisoning | Prompt/Response Cache Poisoning |
| controlUserDataManagement | User Data Management | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlUserPoliciesAndEducation | User Policies and Education | riskInsecureIntegratedComponent | Insecure Integrated Component |
| controlUserPoliciesAndEducation | User Policies and Education | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlUserTransparencyAndControls | User Transparency and Controls | riskExcessiveDataHandling | Excessive Data Handling |
| controlUserTransparencyAndControls | User Transparency and Controls | riskExcessiveDataHandlingDuringInference | Excessive Data Handling During Inference |
| controlUserTransparencyAndControls | User Transparency and Controls | riskSensitiveDataDisclosure | Sensitive Data Disclosure |
| controlVulnerabilityManagement | Vulnerability Management | all | All Risks |