SAIL 2.0

/

AI Policy & Safe experimentation (Plan)

/

No Vetting Path for Tools and External Context Sources

1.10

.

No Vetting Path for Tools and External Context Sources

sail
1.10
Risk

No Vetting Path for Tools and External Context Sources

Description

Policy doesn't formalize how new MCP servers, plugins, tools, API/key-based integrations, or external context and data sources are reviewed and approved before being made available to agents in the environment.

Example

A developer connects a community MCP server to a production agent without security review, exposing the agent to tool description poisoning and command injection.

Assets Affected

AI Policy

MCP Server

Tool

Skill

Agents Plugins

Agents Marketplaces

Mitigation
  • Establish a documented MCP and tool intake process
  • require security review and signed metadata before allowlisting
  • maintain a curated registry
  • enforce attestation for community-sourced servers. Vet continuously, not once: apply update governance and re-review triggers, prefer signed sources, monitor approved tools, and keep a revocation/kill-switch
Standards Mapping
  • ISO: A.10.3, A.4.4
  • OWASP agentic: ASI04, ASI02
  • OWASP LLM: LLM03:2025
  • EU AI Act: Art. 25, Art. 9
  • DASF: Agents-MCP Server 13.21, Agents-MCP Client 13.26
  • AIUC-1: E006, B006