The AI Security Framework
Defining security for AI agents and MCPs.
What's inside
- The AI artifact attack surface: the eight artifact types that now live on every endpoint (agents, MCP servers, extensions, skills, plugins, secrets, hooks, and CLIs) and why they fall outside existing controls.
- MCP trust tiers: a classification model for sorting servers and integrations into official, community, and unknown, and what each tier should be allowed to do.
- Permission hygiene: how to reason about inferred capabilities (filesystem, shell, network, credentials) and why blanket grants like Bash(*) or Write(*) are the patterns to eliminate first.
- Dangerous-combination detection: capability pairings that are low-risk alone but high-risk together, and how to flag them before they reach production.
- Secret handling: keeping credentials on the endpoint, redacting before anything leaves the device, and avoiding plaintext secrets in agent configuration.
- Policy patterns: writing enforceable rules (approved-MCP allowlists, no blanket permissions, no plaintext secrets) that evaluate continuously rather than at a single point in time.
- Audit requirements: the record of every added, removed, and modified artifact you need so that 'what changed last Thursday?' is answerable as a single query.
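As an added example that is not part of the report and not Anomity's own code, the following evaluator shows how the permission-hygiene, dangerous-combination, secret-handling and approved-MCP-allowlist rules in the list above can be expressed as continuously evaluable checks over an artifact inventory. The permission shapes Bash(*) and Write(*) come from the page; the other permission prefixes (Read, WebFetch, Env), the capability pairings, the approved server names, the secret patterns and the inventory records are assumptions constructed for illustration.

```python
"""Policy evaluator over a constructed AI-artifact inventory (added example)."""
import re
from dataclasses import dataclass, field

# Assumed mapping from permission-pattern prefix to an inferred capability.
# Bash and Write are the page's examples; Read, WebFetch and Env are assumptions.
CAPABILITY_OF = {"Bash": "shell", "Write": "filesystem", "Read": "filesystem",
                 "WebFetch": "network", "Env": "credentials"}

# Assumed pairings: each capability is routine alone, risky in combination.
DANGEROUS_COMBOS = {
    frozenset({"shell", "network"}): "shell + network: arbitrary commands with outbound reach",
    frozenset({"credentials", "network"}): "credentials + network: secrets can leave the device",
    frozenset({"filesystem", "network"}): "filesystem + network: local files can leave the device",
}

# Assumed allowlist of approved MCP servers (names are made up for this example).
APPROVED_MCP = {"official/filesystem", "official/github"}

# Assumed secret shapes; a real detector would carry vendor-specific patterns.
SECRET_RE = re.compile(r"(?:sk-[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16})")

# Permission strings look like Tool(pattern), e.g. Bash(*) or Write(./docs/**).
PERM_RE = re.compile(r"^(\w+)\((.*)\)$")


@dataclass
class Artifact:
    name: str
    kind: str                      # agent | mcp | extension | skill | plugin | ...
    permissions: list[str] = field(default_factory=list)
    config: dict[str, str] = field(default_factory=dict)
    mcp_servers: list[str] = field(default_factory=list)


def infer_capabilities(permissions):
    """Map granted permission patterns to the coarse capabilities they imply."""
    caps = set()
    for p in permissions:
        m = PERM_RE.match(p)
        if m and m.group(1) in CAPABILITY_OF:
            caps.add(CAPABILITY_OF[m.group(1)])
    return caps


def evaluate(artifact):
    """Return a list of (rule, detail) findings; an empty list means compliant."""
    findings = []
    # Rule: no blanket grants such as Bash(*) or Write(*).
    for p in artifact.permissions:
        m = PERM_RE.match(p)
        if m and m.group(2).strip() == "*":
            findings.append(("no-blanket-permissions", p))
    # Rule: flag capability pairings that are only dangerous together.
    caps = infer_capabilities(artifact.permissions)
    for combo, why in DANGEROUS_COMBOS.items():
        if combo <= caps:
            findings.append(("dangerous-combination", why))
    # Rule: no plaintext secrets in agent configuration values.
    for key, value in artifact.config.items():
        if SECRET_RE.search(value):
            findings.append(("no-plaintext-secrets", key))
    # Rule: only approved MCP servers may be wired in.
    for server in artifact.mcp_servers:
        if server not in APPROVED_MCP:
            findings.append(("approved-mcp-allowlist", server))
    return findings


def evaluate_inventory(artifacts):
    """Evaluate every artifact; re-run on each inventory change, not once."""
    return {a.name: evaluate(a) for a in artifacts}


# Constructed inventory: one over-privileged agent and one well-scoped one.
SAMPLE_INVENTORY = [
    Artifact("release-helper", "agent",
             permissions=["Bash(*)", "Write(*)", "WebFetch(https://*)"],
             config={"API_KEY": "sk-constructedexamplekey0123456789"},
             mcp_servers=["official/github", "community/random-scraper"]),
    Artifact("docs-writer", "agent",
             permissions=["Read(./docs/**)", "Write(./docs/**)"],
             mcp_servers=["official/filesystem"]),
]

if __name__ == "__main__":
    for name, findings in evaluate_inventory(SAMPLE_INVENTORY).items():
        print(name, "->", findings or "compliant")
```

The evaluator is deliberately stateless so it can be re-run against the current inventory on every change event rather than at a single point in time; the per-artifact finding list is what an audit record would store alongside the add, remove or modify event that triggered it.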
About this report
This framework is built for the people who now own a surface that did not exist a year ago. AI agents and MCPs have become the new shadow IT: they install in minutes, request broad permissions, connect to outside services, and leave little trace for the security team. Network gateways, EDR, DLP, and GRC tooling each see a slice of the picture, but none of them was designed to inventory or govern the AI artifact layer itself. The result is a blind spot, and you can't govern what you can't see. This report defines a vocabulary and a set of controls for closing it, organized around discovery, classification, permission hygiene, policy enforcement, and audit.
Anomity is an early-access company building toward this framework rather than claiming it as a finished standard. The patterns here reflect how we approach Agentic Endpoint Security: a lightweight, unprivileged daemon that discovers AI artifacts across Windows, macOS, and Linux, classifies them by trust and inferred capability, evaluates them against rules you define, and keeps a 90-day record of every change. The framework is product-independent and meant to be useful whether or not you ever deploy Anomity. We share it to give security teams a common way to talk about agentic risk before it becomes an incident.