ATTACK SURFACE ATLAS · LIVE CONTROL MODEL

The AI perimeter is an atlas of delegated action.

Network diagrams cannot explain what an agent can read, infer, call, generate, or leak. The atlas turns every agent workflow into seven testable surfaces with attack paths, controls, owners, and board-ready evidence.

Open the atlasMap our estate

Your AI perimeter is wherever an agent can receive instruction, borrow identity, retrieve context, call a tool, execute in a runtime, create output, or leak through egress.

Seven-surface atlas

Click a surface. Trace the failure path. Define the control.

Each surface maps to an attacker path, a closure strategy, and an IMS deliverable. This is the operating map for agent trust.

01 / Instruction surface

Prompts, hidden policy, system messages, and tool descriptions shape agent behavior.

What attackers do

Smuggle instructions through content the agent treats as context.

What closes it

Instruction provenance, tool-policy separation, prompt-injection tests, and refusal evidence.

IMS deliverable

Instruction-control review and adversarial prompt path report.

Attack path console

The failure is a chain, not a prompt.

IMS maps where untrusted inputs become trusted actions, then produces the evidence required to close the loop.

01Untrusted documentinstruction surface
02Retrieved as contextcontext surface
03MCP tool calledtool surface
04CRM record changedidentity + runtime
05Summary emailed outoutput + egress
Control model

From Zero Trust to Agent Trust.

Agent trust does not replace Zero Trust. It extends the control boundary to instruction, context, tools, outputs, and data flow.

Control questionTraditional perimeterAgentic enterprise
Who acts?Human user or application identity.Agent identity with delegated authority and policy-bound tools.
What is trusted?Network segment, device posture, session.Instruction source, context provenance, tool scope, runtime boundary.
How failure shows upUnauthorized access or lateral movement.Prompt injection, tool abuse, data exfiltration, unreviewed action.
What proves controlAccess logs and policy enforcement.Agent action audit, context lineage, red-team results, egress evidence.
90-day operating plan

Visibility first. Controls second. Proof third.

Sprint 01 0–30 days

Inventory the agent estate.

Find copilots, RAG systems, MCP servers, AI vendors, browser agents, and workflows with tool access. Assign every surface an owner.

Sprint 02 31–60 days

Close the obvious blast radius.

Narrow identity scopes, isolate runtime, gate tools, tag sensitive context, define logging, and set egress rules before expansion.

Sprint 03 61–90 days

Red-team and brief leadership.

Test high-value workflows, prove control behavior, document residual risk, and fund the roadmap in language leadership can use.

Assessment CTA

Turn the atlas into your enterprise map.

IMS assesses your AI estate against the seven surfaces and produces a prioritized, board-ready control roadmap.

Request assessmentSee service model