This control library provides a set of security and governance controls designed to mitigate risks identified in sovereign AI and agentic AI systems.
The controls align to common governance frameworks including:
- NIST AI Risk Management Framework (AI RMF)
- ISO/IEC 42001 Artificial Intelligence Management Systems
- NIST 800-53 security controls
- Zero Trust architecture principles
The purpose of this library is to connect identified threats to practical security and governance controls that organizations can implement.
Controls are organized into five domains.
- Data Sovereignty
- Agent Governance
- Model Lifecycle Security
- AI Supply Chain Security
- Monitoring and Accountability
These controls ensure that sensitive data remains within authorized geographic and regulatory boundaries.
Ensure AI inference processing occurs only in approved jurisdictions.
Mitigation Target: Cross-border inference leakage.
Example Implementation:
- Region-restricted API endpoints
- Private model hosting
- Cloud region enforcement policies
Inspect prompts and inputs for sensitive information before sending them to AI models.
Mitigation Target: Sensitive data exposure through prompts.
Example Implementation:
- Data classification filters
- PII detection
- Tokenization before inference
Ensure external model providers do not retain prompts or outputs without authorization.
Mitigation Target: Unauthorized provider data retention.
Example Implementation:
- Contractual provider controls
- API parameters disabling prompt logging
- Data governance review processes
These controls address risks introduced by autonomous or semi-autonomous AI agents.
Agents must only access tools and data permitted by the requesting user's identity.
Mitigation Target: Agent privilege escalation.
Example Implementation:
- Identity-aware agent execution
- Policy-based tool permissions
- Access control enforcement
Agents must operate within defined boundaries for execution depth and duration.
Mitigation Target: Runaway agent workflows.
Example Implementation:
- Maximum action chain length
- Execution timeouts
- Task scope restrictions
Define explicit policies controlling which tools an AI agent can invoke.
Mitigation Target: Unauthorized tool execution.
Example Implementation:
- Tool allowlists
- Approval-based access
- Context-aware authorization
These controls ensure models are deployed, updated, and governed securely.
Maintain an approved registry of AI models.
Mitigation Target: Shadow AI deployments.
Example Implementation:
- Internal model catalog
- Deployment approvals
- Model version tracking
Verify model authenticity and integrity before deployment.
Mitigation Target: Model tampering or malicious models.
Example Implementation:
- Checksum verification
- Signed model artifacts
- Model validation testing
Continuously monitor model performance and behavior.
Mitigation Target: Model drift or malicious outputs.
Example Implementation:
- Output anomaly detection
- Performance monitoring
- Behavior auditing
AI systems depend on multiple external services and dependencies.
Ensure models originate from trusted providers.
Mitigation Target: Malicious model injection.
Example Implementation:
- Approved model sources
- Secure artifact repositories
Evaluate risks associated with AI vendors.
Mitigation Target: Untrusted AI service providers.
Example Implementation:
- Vendor security reviews
- Data handling agreements
Effective governance requires visibility into AI system activity.
Log all agent actions and AI system interactions.
Mitigation Target: Undetected misuse.
Example Implementation:
- Centralized logging
- AI event audit trails
Provide leadership visibility into AI risks.
Mitigation Target: Lack of executive oversight.
Example Implementation:
- Risk dashboards
- Governance reports
Each control can be mapped to governance frameworks including:
- NIST AI RMF
- ISO/IEC 42001
- Enterprise data protection policies
- Zero Trust architecture principles
This ensures that threat mitigation strategies align with broader organizational governance requirements.