CSAI 2026 Strategic Mission: Securing the Agentic Control Plane
The Cloud Security Alliance AI (CSAI) Foundation’s 2026 mission addresses the security, governance, and assurance infrastructure required for autonomous AI agent ecosystems. This section contains all research papers, frameworks, specifications, and tools organized by the six CSAI strategic programs.
30 publications | 21 white papers | 9 research notes | Updated April 2, 2026
Foundational Documents
- Agentic Universe: April 2026 — Definitions, taxonomy, and security considerations for AI agents in enterprise environments. Introduces the Identify-Classify-Control-Monitor-Assure operational model and the CSA Agent Security Architecture (ASA). [PDF]
- Master Framework Alignment Matrix — Cross-references all deliverables against AICM, OWASP ASI, MITRE ATLAS, MAESTRO, NIST AI RMF, EU AI Act, and STAR for AI.
Program 1: AI Risk Observatory
Providing industry visibility into autonomous agent behavior, failures, and risk.
- MITRE ATLAS Agentic Gap Analysis — Six attack technique categories missing from ATLAS for multi-agent systems
- CVE/CWE Agentic Vulnerability Catalog — Inventory of known agentic CVEs and proposed new CWE weakness categories
- CNA Operations Manual — Operational playbook for CSAI as CVE Numbering Authority for agentic AI
- AI Risk Observatory Telemetry Architecture — Event schemas, AI-assisted processing pipeline, and dashboard specifications
- RiskRubric MCP Scanner Specification — Automated MCP server security scanning with A-F scoring
- RiskRubric V2 Agentic Extension — Four new agentic assessment pillars for model evaluation
- RiskRubric Agentic Benchmark Suite — Red-team test scenarios mapped to all 10 OWASP ASI categories
- Agentic Framework CVE Analysis — Actively exploited Langflow and LangChain/LangGraph vulnerabilities
Program 2: Agentic Best Practices
Full lifecycle best practices and tools for secure agentic implementation.
- Agent Identity Governance Framework — Five identity types, OAuth/SPIFFE/SCIM assessment, JIT access model
- Agentic Secure Development Lifecycle (ASDL) — Five-phase SDL extension with MAESTRO threat modeling
- MCP Security Best Practices — Seven control categories and four-level maturity model
- OpenClaw Hardening Guide — Eight control domains for OpenClaw deployments mapped to AICM and OWASP ASI
- Agentic Cybersecurity Implementation Guide — SOC automation, vulnerability management, threat hunting, and IR agent patterns
- Agentic Transaction Security Framework — Agent-initiated payments, PCI DSS/PSD2 mapping, liability framework
- AICM Agentic Control Supplement Gap Analysis — Domain-by-domain analysis of 243 AICM controls, 24 proposed new controls
- NIST AI RMF Agentic Profile — Extensions to all four RMF functions for agent governance
- Agent Registry Specification — Agent profile schema, trust profiles, discovery protocol, API spec
- NemoClaw Security Assessment — NVIDIA NemoClaw evaluated against MAESTRO and AICM
Program 3: Education, Credentialing & Awareness
Building global workforce capacity to secure, audit, and govern autonomous AI agent ecosystems.
- TAISE Agentic Body of Knowledge — Seven competency domains with Bloom’s taxonomy learning objectives
- TAISE CxO Body of Knowledge — Executive-level curriculum with board-ready risk narratives
- TAISE Compass Curriculum — Five-module high school AI agent safety curriculum
- Agentic AI Summit Series Design — Five conference tracks with TAISE CEU integration
Program 4: CxOtrust for Agentic AI
Executive collaboration translating agentic AI risk into board-level decisions.
- TAISE CxO Body of Knowledge — Board-level risk narratives, decision frameworks, ROI models
- Agentic Governance Maturity Model — Five-level self-assessment framework for enterprise AI agent governance
- State of Cloud and AI for Financial Services 2026 — CxO-relevant data on agent adoption, risk, and governance gaps
Program 5: Global Assurance & Trust
Extending CSA’s proven assurance model into the agentic era.
- STAR for AI Agentic Certification Scheme — Agentic-specific certification levels with continuous certification
- AICM Agentic Control Supplement — 24 proposed new controls for agent-specific governance
- Valid-AI-ted Audit Engine Specification — AI-powered GRC automation for STAR assessments
- Standards Engagement Proposals — Contribution roadmaps for MITRE, NIST, OWASP, ISO
Program 6: Future Forward Initiatives
Pioneering infrastructure, certification, and research for the future AI economy.
- Catastrophic Risk Annex — 31 enhanced AICM controls for high-autonomy systems with catastrophic risk potential
- RiskRubric Agentic Benchmark Suite — Adversarial testing for agent certification
- CSA Pod — Live agent interaction testbed: pod.cloudsecurityalliance.org
Open Source Tools
- OpenClaw Security Audit Tool — 53 security checks, auto-fix engine, SARIF output, fleet SSH scanning
- CSA Pod — Agent interaction testbed with MCP server integration
For the complete CSAI mission and sponsorship information, visit csai.foundation/csai-mission