COMPLIANCE

10/10 OWASP.
EU AI Act ready.
Audit-grade receipts.

Full coverage of the OWASP Agentic Security Top 10, alignment with EU AI Act high-risk requirements (August 2026 deadline), and mapping to NIST AI RMF, ISO 42001, SOC 2, and HIPAA.

OWASP AGENTIC SECURITY

Top 10 Coverage Matrix

Every risk in the OWASP Agentic Security Top 10 is addressed by at least one Authensor component.

ASI01 Agent Goal Hijacking
Critical
  • Deny-by-default policy engine
  • Action type allowlists
  • Resource pattern matching
  • Aegis prompt injection detection (15+ rules)
  • Session forbidden sequence detection

ASI02 Tool Misuse
Critical
  • MCP Gateway SEP authorization protocol
  • Tool call parameter validation
  • Per-tool disable controls
  • Sandbox mode for testing

ASI03 Identity & Privilege Abuse
High
  • Principal binding with strict mode
  • RBAC API keys (admin/ingest/executor)
  • Bootstrap token flow
  • API key rotation

ASI04 Supply Chain Vulnerabilities
High
  • MCP Gateway upstream server allowlisting
  • Tool integrity verification
  • Dependency-free core packages (engine, aegis, sentinel)

ASI05 Unexpected Code Execution
High
  • Shell command policy rules
  • Parameter validation
  • Sandbox mode
  • Action type restrictions

ASI06 Memory & Context Poisoning
Critical
  • Aegis 22 MINJA memory poisoning rules
  • Canary token tracking
  • Context integrity validation
  • Input boundary scanning

ASI07 Insecure Inter-Agent Communication
High
  • Cross-agent tracing via parentReceiptId
  • Chain depth and fan-out alerts (Sentinel)
  • Principal binding across delegation

ASI08 Cascading Failures
High
  • Sentinel EWMA/CUSUM anomaly detection
  • Budget enforcement with spending limits
  • Shadow/canary policy evaluation
  • Kill switch

ASI09 Human-Agent Trust Exploitation
High
  • TOCTOU protection on approved actions
  • Shadow/canary evaluation for policy testing
  • Sigstore transparency log integration
  • Multi-party approval quorum

ASI10 Rogue Agents
Critical
  • Session forbidden sequences
  • Session risk scoring
  • Sentinel behavioral baselines
  • Deny rate spike detection
  • Kill switch

EU AI ACT

High-risk system requirements.

The EU AI Act high-risk deadline is August 2, 2026. These articles apply to AI systems that make decisions affecting people. Authensor maps directly to each requirement.

Article 9 Risk Management

Policy engine with versioned rules, RedTeam adversarial testing harness, Sentinel behavioral monitoring

Article 10 Data Governance

Aegis PII detection and credential scanning, data exfiltration pattern matching, input/output boundary validation

Article 12 Record-Keeping

Hash-chained audit receipts with SHA-256 integrity, NDJSON export, chain verification, tamper-evident logging

Article 13 Transparency

Decision reason tracking, matched rule logging, policy version in every receipt, dashboard visibility

Article 14 Human Oversight

Multi-party approval workflows, quorum support, webhook notifications, approval expiration, kill switch

Article 15 Accuracy & Robustness

924+ automated tests, RedTeam harness with 15 MITRE-mapped attack seeds, continuous monitoring via Sentinel

ADDITIONAL FRAMEWORKS

Also maps to.

NIST AI RMF

Map, Measure, Manage, Govern functions addressed through policy engine, monitoring, and audit trails

ISO 42001

AI management system requirements satisfied through documented policies, risk assessment (RedTeam), and continuous improvement

SOC 2 Type II

Security, availability, and processing integrity trust services criteria supported by hash-chained receipts, RBAC, rate limiting, and Sentinel monitoring

HIPAA

PHI detection via Aegis PII scanner, access logging via receipts, minimum necessary enforcement via policy rules
