Layer 6

Compliance & Governance

177 detection rules mapped to 9 security frameworks. Every finding traces back to specific controls, articles, and techniques — making compliance audits data-driven, not guesswork.

OWASP MCP Top 10

177 rules

The definitive security risk taxonomy for MCP servers. 10 categories covering prompt injection, tool poisoning, command injection, data exfiltration, privilege escalation, and more.

MCP01 | Prompt Injection | 14
MCP02 | Tool Poisoning | 9
MCP03 | Command Injection | 6
MCP04 | Data Exfiltration | 6
MCP05 | Privilege Escalation | 7
MCP06 | Excessive Permissions | 7
MCP07 | Insecure Configuration | 11
MCP08 | Dependency Vulnerabilities | 7
MCP09 | Logging & Monitoring | 2
MCP10 | Supply Chain | 8

OWASP Agentic Top 10

82 rules

Security risks specific to agentic AI applications. MCP Sentinel is the first tool to map detection rules to both MCP and Agentic Top 10 frameworks.

ASI01 | Agent Goal Hijack | 10
ASI02 | Tool Misuse | 9
ASI03 | Identity & Privilege Abuse | 5
ASI04 | Agentic Supply Chain | 7
ASI05 | Unexpected Code Execution | 6
ASI06 | Memory & Context Poisoning | 8
ASI07 | Insecure Inter-Agent Communication | 5

MITRE ATLAS

148 rules

Adversarial Threat Landscape for AI Systems. ATLAS techniques mapped to MCP-specific detection patterns covering LLM prompt injection, data leakage, context poisoning, and agent manipulation.

AML.T0054 | LLM Prompt Injection | 14
AML.T0057 | LLM Data Leakage | 6
AML.T0058 | AI Agent Context Poisoning | 6
AML.T0059 | Memory Manipulation | 3
AML.T0060 | Modify AI Agent Configuration | 1
AML.T0061 | Thread Injection | 3

NIST AI RMF

4 rules

The NIST AI Risk Management Framework provides standards for trustworthy AI. MCP Sentinel covers GOVERN and MEASURE functions through audit trail and human oversight rules.

GOVERN 1.7 | Human Override Mechanisms | 2
MEASURE 2.6 | Audit Evidence & Logging | 2

ISO 27001

11 rules

Information security management standard. MCP Sentinel maps to 10 Annex A controls covering audit logging, access control, cryptography, supplier relationships, and system security.

A.5.14 | Information Transfer | 1
A.5.15 | Access Control | 1
A.5.17 | Authentication Information | 1
A.5.20 | Addressing Security in Supplier Agreements | 1
A.5.21 | Managing ICT Supply Chain | 1
A.8.15 | Logging | 4
A.8.22 | Segregation of Networks | 1
A.8.24 | Use of Cryptography | 1

ISO 42001

3 rules

AI Management System standard. MCP Sentinel covers human-in-the-loop requirements and AI transparency controls.

A.8.1 | AI System Transparency | 1
A.9.1 | Human Control of AI Systems | 1
A.9.2 | Human Override | 1

EU AI Act

5 rules

European regulation on artificial intelligence. MCP Sentinel covers Article 12 (record-keeping), Article 14 (human oversight), and Article 15 (robustness and cybersecurity).

Art. 12 | Record-keeping (Logging) | 1
Art. 14 | Human Oversight | 2
Art. 15 | Accuracy, Robustness, Cybersecurity | 2

CoSAI MCP Security

36 rules

Coalition for Secure AI threat model for MCP. MCP Sentinel covers 9 of 12 threat categories including authentication, authorization, tool safety, and supply chain integrity.

MCP-T1/T2 | Authentication & Authorization | 6
MCP-T4 | Tool Output Safety | 2
MCP-T5 | Cross-Trust-Boundary Data Flow | 1
MCP-T6/T11 | Supply Chain Integrity | 6
MCP-T8 | Runtime Sandbox | 1
MCP-T9 | Multi-Agent Collusion | 1
MCP-T10 | Availability & Resilience | 2
MCP-T12 | Audit & Monitoring | 4

MAESTRO

12 rules

Multi-Agent Evaluation and Security Testing for Robust Operations. Layered security model for AI agent systems covering trust, isolation, observability, and governance.

L3 | Agent Layer — Integrity | 2
L4 | Deployment Layer — Isolation | 3
L5 | Observability Layer — Logging | 4
L7 | Ecosystem Layer — Trust | 3

Scan your MCP servers for compliance

Use mcp-sentinel-scanner to check any server against all 9 frameworks. Every finding includes the framework control it maps to, evidence of the violation, and remediation steps.
