SAIL 2.0

/

Code/ No Code - AI Asset Discovery

/

Incomplete Asset Inventory

2.1

.

Incomplete Asset Inventory

sail
2.1
Risk

Incomplete Asset Inventory

Description

Not all AI and agentic assets are identified and cataloged leading to security blind spots.

Example

An undocumented agent running on a developer endpoint with merge authority and connected MCP servers exists in production, unknown to security teams.

Assets Affected

All assets

Mitigation
  • Conduct regular, comprehensive AI and agentic asset discovery audits
  • implement automated discovery tools that identify agents, MCP servers, and agent identities
  • maintain a centralized asset registry.
Standards Mapping
  • ISO: A.4.2, A.4.4
  • OWASP agentic: ASI10
  • EU AI Act: Art. 11
  • DASF: Governance 4.1, Governance 4.2
  • AIUC-1: E004, E015