Control Objectives
Agent Mesh Policy Enforcement
Enforce policies governing agent-to-agent communication, ensuring only authorized interactions occur within the agent mesh.
Primary risk addressed: Unauthorized agent-to-agent communication
Key metric: Policy violation incidents

Authentication and Authorization
Ensure robust authentication and authorization controls for all agent capabilities and data access.
Primary risk addressed: Unauthorized access to agent capabilities
Key metric: Authentication failure rate

PII Detection and Protection
Implement real-time detection and protection of personally identifiable information (PII) in agent inputs and outputs.
Primary risk addressed: Personal data exposure
Key metric: PII leak incidents

Data Minimization Enforcement
Enforce data minimization principles ensuring agents only collect and process data necessary for their specific tasks.
Primary risk addressed: Excessive data collection or sharing
Key metric: Data scope violations detected

MCP Server Access Control
Implement least-privilege access controls for Model Context Protocol (MCP) server connections and tool permissions.
Primary risk addressed: Excessive tool permissions
Key metric: % MCP connections with least-privilege config

Model Gateway Policy Enforcement
Route all LLM requests through a governed gateway that enforces usage policies, content filtering, and access controls.
Primary risk addressed: Uncontrolled LLM access
Key metric: % requests through governed gateway

Content Filtering Effectiveness
Filter harmful, inappropriate, or policy-violating content in both inputs and outputs of agent interactions.
Primary risk addressed: Harmful input or output
Key metric: Filtered content incidents

Prompt Injection Prevention
Detect and block adversarial prompt injection attacks that attempt to manipulate agent behavior.
Primary risk addressed: Adversarial prompt attacks
Key metric: Injection attempts blocked

Rate Limiting Enforcement
Enforce rate limits to prevent resource exhaustion, abuse, and runaway costs from excessive agent activity.
Primary risk addressed: Resource exhaustion or abuse
Key metric: Rate limit triggers

Observability Coverage
Ensure comprehensive observability including logging, metrics, and tracing for all agent activities to eliminate blind spots.
Primary risk addressed: Blind spots in agent behavior
Key metric: % agents with full observability

Resilience and Failover
Implement resilience patterns including circuit breakers, retries, and failover mechanisms to maintain service availability.
Primary risk addressed: Service disruption from agent failure
Key metric: Failover test success rate

Scalability Adequacy
Ensure agents can scale to meet demand without performance degradation, with adequate capacity headroom.
Primary risk addressed: Performance degradation under load
Key metric: Capacity headroom percentage
Quick Reference
| ID | Objective | Primary Risk Addressed | Key Metric |
|---|---|---|---|
| RUN-01 | Agent Mesh Policy Enforcement | Unauthorized agent-to-agent communication | Policy violation incidents |
| RUN-02 | Authentication and Authorization | Unauthorized access to agent capabilities | Authentication failure rate |
| RUN-03 | PII Detection and Protection | Personal data exposure | PII leak incidents |
| RUN-04 | Data Minimization Enforcement | Excessive data collection or sharing | Data scope violations detected |
| RUN-05 | MCP Server Access Control | Excessive tool permissions | % MCP connections with least-privilege config |
| RUN-06 | Model Gateway Policy Enforcement | Uncontrolled LLM access | % requests through governed gateway |
| RUN-07 | Content Filtering Effectiveness | Harmful input or output | Filtered content incidents |
| RUN-08 | Prompt Injection Prevention | Adversarial prompt attacks | Injection attempts blocked |
| RUN-09 | Rate Limiting Enforcement | Resource exhaustion or abuse | Rate limit triggers |
| RUN-10 | Observability Coverage | Blind spots in agent behavior | % agents with full observability |
| RUN-11 | Resilience and Failover | Service disruption from agent failure | Failover test success rate |
| RUN-12 | Scalability Adequacy | Performance degradation under load | Capacity headroom percentage |