---
title: OWASP AISVS, AI Agent Compliance Coverage
description: How ZioSec evidence satisfies OWASP AISVS. Control-by-control mapping with coverage type, supporting evidence, and out-of-scope items.
url: https://ziosec.com/ai-compliance/owasp-aisvs
about: OWASP AISVS
authority: OWASP Foundation
reference: AISVS v1.0
---

# OWASP AISVS

Standard 05 of 05. Technical, Open Source.

Modeled on OWASP ASVS, this is the technical verification checklist that risk frameworks point to. Thirteen chapters, three levels, testable by design.

## At a glance

- **Released:** v1.0 (current stable)
- **Founder:** Jim Manico et al.
- **Levels:** L1, L2, L3
- **Position:** Technical complement to the other four

## Control-level coverage

Where ZioSec evidence satisfies OWASP AISVS:

- **C01 Training Data Governance** (Supporting)
  - Obligation: Provenance, integrity, and lifecycle controls for training data.
  - ZioSec capability: Inference-Time Probing
  - Coverage: Probes for training-data leakage at inference time.
  - Evidence: Training data extraction tests

- **C02 User Input Validation** (Full)
  - Obligation: Prompt injection defenses, content screening, multimodal input validation.
  - ZioSec capability: Direct Coverage
  - Coverage: Prompt injection is the central probe. Multimodal injection vectors tested.
  - Evidence: Injection success rates; Multimodal attack reports; Filter classifier scores

- **C03 Model Lifecycle & Change Control** (Full)
  - Obligation: Versioning, approval gates, and rollback for model changes.
  - ZioSec capability: Regression Testing
  - Coverage: Every model or system-prompt change triggers a re-pentest.
  - Evidence: Pre/post-change deltas; Regression catalog

- **C04 Infrastructure, Configuration & Deployment** (Full)
  - Obligation: Hardening of the runtime environment.
  - ZioSec capability: Containerized Hardening
  - Coverage: ZioSec deploys in a hardened container by default.
  - Evidence: Container attestations; Config drift reports

- **C05 Access Control & Identity** (Full)
  - Obligation: Identity and authorization for AI components and users.
  - ZioSec capability: Identity Flow Testing
  - Coverage: Tests for confused-deputy issues, token leakage, and scope creep.
  - Evidence: Authorization bypass tests; Token handling reports

- **C06 Supply Chain Security** (Partial)
  - Obligation: Models, frameworks, datasets from third parties.
  - ZioSec capability: Pickle & Tool-Source Probing
  - Coverage: Tests unsafe deserialization, model file integrity, and rogue MCP tool descriptions.
  - Evidence: SBOM-aligned findings; Pickle vulnerability tests

- **C07 Model Behavior, Output Control & Safety** (Full)
  - Obligation: Output filtering, groundedness, behavior bounds.
  - ZioSec capability: Output Probing
  - Coverage: Adversarial inputs designed to elicit out-of-policy outputs.
  - Evidence: Output violation reports

- **C08 Memory, Embeddings & Vector DB Security** (Full)
  - Obligation: Controls for RAG pipelines, vector stores, and persistent memory.
  - ZioSec capability: RAG Probing Suite
  - Coverage: Tests for cross-tenant retrieval leakage, embedding inversion, and vector store poisoning.
  - Evidence: RAG corruption reports; Cross-tenant tests

- **C09 Autonomous Orchestration & Agentic Action** (Full)
  - Obligation: Controls for agents that take autonomous actions and chain tools.
  - ZioSec capability: This Is The Heart Of It
  - Coverage: ZioSec was built for this chapter: multi-step agent action chains and tool orchestration safety.
  - Evidence: Action chain analysis; Tool composition tests; Autonomy boundary reports

- **C10 Adversarial Robustness & Attack Resistance** (Full)
  - Obligation: Defense against jailbreaks, evasion, model extraction.
  - ZioSec capability: Direct Coverage
  - Coverage: The full adversarial test corpus aligns with C10.
  - Evidence: Jailbreak success rates; Extraction attempt logs; Robustness benchmarks

- **C11 Privacy Protection & Personal Data** (Full)
  - Obligation: Protection of personal data flowing through the AI system.
  - ZioSec capability: Privacy Test Suite
  - Coverage: Membership inference, training data extraction, PII echo.
  - Evidence: Privacy test reports; Inference attack results

- **C12 Monitoring, Logging & Anomaly Detection** (Full)
  - Obligation: Observability and detection capabilities.
  - ZioSec capability: Telemetry As Default
  - Coverage: Containerized deployment captures the events C12 requires.
  - Evidence: Detection-rate validation; Telemetry attestation

- **C13 Human Oversight, Accountability & Governance** (Supporting)
  - Obligation: Governance scaffolding, human-in-the-loop touchpoints.
  - ZioSec capability: Governance Plumbing
  - Coverage: Fleet-wide governance feeds the data C13 requires.
  - Evidence: Override audit trail; Escalation logs

## Crosswalk available

Get the AISVS verification report.

We will run your agents against AISVS requirements at L1, L2, or L3 and produce a verification report.

What you receive:

- Per-chapter coverage map
- Verification report (L1/L2/L3)
- Pass/fail per requirement
- Failed-test remediation plan
- Cross-framework feed-through
- Re-test cadence schedule

Email info@ziosec.com (subject: AISVS Verification) or open the cross-framework matrix at https://ziosec.com/ai-compliance/matrix.