CraftedTrust's comprehensive security assessment framework, aligned with the Coalition for Secure AI (CoSAI) MCP Security Framework and the OWASP Top 10 for Agentic Applications.

Every MCP server is assessed across 12 weighted categories totaling 100 points. Categories are organized into five security domains.

How CraftedTrust's 12 assessment categories map to the Coalition for Secure AI (CoSAI) threat categories.

| CraftedTrust Category | CoSAI Threat Category | Coverage |
|---|---|---|
| Identity & Auth | Identity & Access Management | Full |
| Permission Scope | Overprivileged Tokens | Full |
| Transport Security | Transport Security | Full |
| Network Behavior | System Integrity | Full |
| Protocol Compliance | Protocol-level Security | Full |
| Declaration Accuracy | Confused Deputy | Partial |
| Tool Integrity | Tool Poisoning | Full |
| Input Validation | Input Validation | Full |
| Supply Chain | Supply Chain Security | Full |
| Code Transparency | Supply Chain Security | Partial |
| Publisher Trust | Identity & Access Management | Partial |
| Data Protection | Data Protection | Full |

Mapping based on the CoSAI Agentic AI Security Framework. CraftedTrust categories are designed to comprehensively cover the threat landscape identified by the Coalition for Secure AI.

How CraftedTrust's assessment categories address risks identified in the OWASP Top 10 for Agentic Applications.

| OWASP Agentic Risk | CraftedTrust Categories | Coverage |
|---|---|---|
| A01: Prompt Injection | Tool Integrity, Input Validation | Full |
| A02: Improper Tool/Plugin Use | Declaration Accuracy, Permission Scope | Full |
| A03: Excessive Agency | Permission Scope, Network Behavior | Full |
| A04: Insecure Output Handling | Data Protection, Input Validation | Partial |
| A05: Overreliance on AI Output | (Informational — outside scan scope) | N/A |
| A06: Sensitive Information Disclosure | Data Protection, Identity & Auth | Full |
| A07: Insecure Plugin Design | Tool Integrity, Protocol Compliance | Full |
| A08: Supply Chain Vulnerabilities | Supply Chain, Code Transparency | Full |
| A09: Excessive Permissions | Permission Scope, Identity & Auth | Full |
| A10: Insufficient Logging/Monitoring | (Covered by CraftedTrust Audit Logger) | External |

How CraftedTrust's assessment maps to EU AI Act requirements for high-risk AI systems.

| EU AI Act Article | Title | CraftedTrust Categories | Coverage |
|---|---|---|---|
| Art. 9 | Risk Management | Network Behavior, Tool Integrity, Input Validation, Data Protection | Full |
| Art. 10 | Data Governance | Data Protection, Supply Chain, Code Transparency | Full |
| Art. 11 | Technical Documentation | Declaration Accuracy, Code Transparency, Protocol Compliance | Full |
| Art. 12 | Record-Keeping | Protocol Compliance, Network Behavior (+ Audit Logger) | Full |
| Art. 13 | Transparency | Declaration Accuracy, Code Transparency, Publisher Trust | Full |
| Art. 14 | Human Oversight | Identity & Auth, Permission Scope (+ Audit Logger approve mode) | Full |
| Art. 15 | Accuracy, Robustness & Cybersecurity | Transport Security, Input Validation, Tool Integrity, Identity & Auth, Network Behavior | Full |

CraftedTrust's Audit Logger provides built-in compliance with Article 12 (record-keeping) and Article 14 (human oversight) through its approve mode feature.

How CraftedTrust's assessment categories map to the NIST AI Risk Management Framework functions and subcategories.

| NIST AI RMF Function | Subcategories Covered | CraftedTrust Categories | Coverage |
|---|---|---|---|
| GOVERN | GV-1.3 Transparency, GV-1.6 Accountability, GV-3.2 Policies | Code Transparency, Publisher Trust, Declaration Accuracy | Full |
| MAP | MP-2.3 Risk Identification, MP-3.4 Dependencies, MP-4.2 Impact Assessment | Supply Chain, Network Behavior, Permission Scope, Data Protection | Full |
| MEASURE | MS-1.1 Security Testing, MS-2.3 Validation, MS-2.6 Monitoring | Tool Integrity, Input Validation, Protocol Compliance, Transport Security | Full |
| MANAGE | MG-2.2 Incident Response, MG-2.4 Risk Treatment, MG-3.1 Access Control | Identity & Auth, Permission Scope, Network Behavior, Data Protection | Full |

How CraftedTrust's assessment categories map to the AIUC-1 AI agent security standard risk domains.

| AIUC-1 Domain | Key Controls | CraftedTrust Categories | Coverage |
|---|---|---|---|
| A: Agent Identity & Authentication | Agent credential management, mutual authentication, identity lifecycle | Identity & Auth, Publisher Trust | Full |
| B: Authorization & Access Control | Least-privilege enforcement, dynamic permission boundaries, scope limitations | Permission Scope, Identity & Auth | Full |
| C: Data Protection & Privacy | Data flow controls, PII handling, encryption requirements, data minimization | Data Protection, Transport Security | Full |
| D: Tool & Plugin Security | Tool validation, input sanitization, capability declaration, integrity checks | Tool Integrity, Input Validation, Declaration Accuracy | Full |
| E: Supply Chain & Dependency Management | Dependency verification, provenance tracking, vulnerability scanning | Supply Chain, Code Transparency | Full |
| F: Monitoring & Incident Response | Runtime monitoring, anomaly detection, audit logging, incident workflows | Network Behavior, Protocol Compliance | Full |

AIUC-1 is the world's first AI agent security standard, developed with 100+ Fortune 500 CISOs. CraftedTrust's 12-factor assessment provides direct coverage across all six AIUC-1 risk domains.

The total trust score ranges from 0 to 100, computed from 12 weighted categories. Scores map to letter grades and trust labels.

Each scan depth tier builds on the previous, adding progressively deeper security analysis.

Further reading on the frameworks and tools referenced in this standard.