SAIL 2.0

/

Build - AI Security Posture Management

/

Insufficient Understanding of Agent Reachable Graph

3.11

.

Insufficient Understanding of Agent Reachable Graph

sail
3.11
Risk

Insufficient Understanding of Agent Reachable Graph

Description

Failure to clearly map an agent's complete reachable graph โ€” all tools it can invoke, data stores it can query, downstream agents it can call, and external systems it can affect.

Example

An agent built for invoice processing is found to have transitive access via a shared MCP server to the HR database that nobody mapped at build time.

Assets Affected

AI Agent

AI App

Model Inference Endpoint

Tool

MCP Server

3rd-Party AI Integration

Agent Communication Protocol (ACP)

Mitigation
  • Map each agent's reachable graph during build
  • document tools, scopes, MCP servers, and downstream agents
  • review the graph for over-reach
  • restrict transitive access through MCP gateways.
Standards Mapping
  • ISO: A.6.2.3, A.4.2
  • OWASP agentic: ASI02, ASI03
  • OWASP LLM: LLM06:2025
  • EU AI Act: Art. 11, Art. 9
  • DASF: Agents-Core 13.2, Agents-MCP Server 13.22
  • AIUC-1: E004, B006