Enterprise Trust Center Export
What this is. SecurityRecipes should be easy for an enterprise reviewer to approve. This export is the compact trust-center packet: one JSON artifact that says which controls exist, which evidence packs prove them, which MCP tools expose them, and which diligence questions they answer.
The product bet
SecurityRecipes is positioned as The Secure Context Layer for Agentic AI. The open site already has recipes, policy packs, runtime evaluators, an MCP server, attestation seeds, evals, identity contracts, handoff controls, and a control-plane blueprint. The missing reviewer surface was the packaging: a single artifact a platform team, CISO staff, GRC reviewer, procurement team, security reviewer can inspect first.
The Enterprise Trust Center Export packages the generated evidence into a diligence-ready contract:
- what context agents may receive,
- which MCP tools and connectors are governed,
- which non-human identities may act,
- how A2A and provider-native handoffs are bounded,
- how high-impact autonomous actions are held, denied, or killed,
- how agentic incidents are classified, contained, preserved, replayed, and disclosed,
- which telemetry fields reconstruct agent, model, MCP, policy, egress, approval, verifier, and incident evidence without raw secret capture,
- which evals and red-team drills prove behavior,
- which standards controls map to generated evidence,
- which runtime evidence fields must exist,
- which open artifacts support the hosted-ready control plane.
This makes AI easier because reviewers do not need to read the whole site to understand the security model. They can ask the MCP server for one export, then drill into the exact pack, section, or diligence question that matters.
What was added
data/assurance/enterprise-trust-center-profile.json- source contract for standards alignment, required packs, trust-center sections, diligence questions, runtime evidence, and trusted-source path.data/evidence/enterprise-trust-center-export.json- generated export for reviewer diligence, MCP clients, and CI drift detection.recipes_enterprise_trust_center_export- MCP tool for the full export, a section, an evidence pack, a diligence question, or filtered category/status views.
What is inside
| Section | Purpose |
|---|---|
export_summary |
Trust-center readiness, pack counts, section counts, failure counts, MCP tool count, readiness summary, threat radar summary, BOM summary, and trust review-readiness snapshot. |
pack_index |
Required evidence packs with paths, hashes, schemas, categories, failure counts, summaries, status, and MCP tools. |
trust_center_sections |
reviewer-readable control areas such as secure context, MCP control plane, agent identity, handoffs, assurance/evals, and market strategy. |
catastrophic-risk-governance |
Severe-risk section for high-impact action classes, approval and risk acceptance, runtime kill signals, and replayable catastrophic-risk scenarios. |
agentic-incident-response |
Incident-response section for secure-context and MCP failures: classification, containment, forensic evidence, replay gates, recertification, and disclosure. |
runtime-telemetry-evidence |
Telemetry section for OpenTelemetry-shaped agent, model, MCP, context, policy, egress, approval, verifier, and incident traces with redaction controls. |
diligence_questions |
Specific reviewer questions with answers, evidence paths, and MCP tools to inspect next. |
crosswalk_summary |
Standards coverage for OWASP Agentic Top 10, NIST AI agent and GenAI guidance, MCP authorization, and frontier-lab prompt-injection defenses. |
runtime_evidence_contract |
Fields a production run must capture: workflow, run, identity, source hashes, MCP decisions, auth, egress, handoff, approvals, evals, and receipt IDs. |
vendorization_path |
Open, team, enterprise, and reviewer value paths without closing the public knowledge base. |
MCP examples
Get the executive summary and section index:
{}
Inspect secure-context diligence:
{
"section_id": "secure-context-layer"
}
Inspect one evidence pack:
{
"pack_id": "agentic-catastrophic-risk-annex"
}
Answer a reviewer question directly:
{
"question_id": "mcp-auth"
}
Find anything not trust-center-ready:
{
"status": "needs_attention"
}
Why it is review-ready
This is the review and diligence wrapper a trusted-source project needs. The open corpus creates distribution. The generated packs create machine readable trust. The MCP server turns those packs into an operational surface. The trust-center export ties the pieces together so a reviewer can quickly see the category claim, evidence coverage, runtime control points, and hosted enterprise path.
The hosted-ready path becomes straightforward:
- hosted MCP policy enforcement,
- customer-private context registries,
- signed context releases,
- connector discovery and schema-drift alerts,
- OpenTelemetry collector policy and redaction verification,
- agent run-receipt retention,
- incident evidence vaulting and SIEM/SOAR export,
- approval receipt exports,
- continuous eval replay,
- procurement and trust-center API exports.
Industry alignment
The export is anchored in current primary guidance:
- NIST AI Agent Standards Initiative for agent standards, open protocols, agent identity, and security evaluations.
- CAISI AI Agent Security RFI for constraining and monitoring agent access under indirect prompt injection, data poisoning, and misaligned-action risk.
- OWASP Top 10 for Agentic Applications for behavior hijacking, tool misuse, identity abuse, supply chain, insecure inter-agent communication, memory/context poisoning, and rogue behavior.
- MCP Authorization for resource indicators, token audience validation, PKCE, protected resource metadata, and token-passthrough denial.
- A2A Protocol for agent discovery, task exchange, HTTP-layer authentication, server-identity verification, and skill-based authorization.
- NIST SP 800-218A for secure development expectations that apply to AI producers, integrators, and reviewers.