Application & Interface Security
CSA AI Controls Matrix v1.1 domain
Secure AI applications, APIs, agent interfaces, and input/output boundaries.
What this domain means for procurement
AI interfaces add prompt, tool-use, retrieval, and model-output attack surfaces to conventional application security. Buyers should understand how those boundaries are tested and constrained.
How TrustAtlas dimensions support it
Security covers application testing and defensive controls; agent governance covers tool permissions, action boundaries, and human oversight for autonomous interfaces.
SecurityAgent governance
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- How do you test APIs, prompts, retrieval paths, and tool calls for injection and unsafe output handling?
- Can customers constrain agent tools, scopes, destinations, and approval thresholds by policy?
- What security telemetry and incident evidence is available for application and interface abuse?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored