security-mcp 1.1.4 → 1.3.1

Files changed (129)
  1. package/README.md +116 -264
  2. package/defaults/checklists/ai.json +20 -1
  3. package/defaults/checklists/api.json +35 -1
  4. package/defaults/checklists/infra.json +34 -1
  5. package/defaults/checklists/mobile.json +23 -1
  6. package/defaults/checklists/payments.json +15 -1
  7. package/defaults/checklists/web.json +11 -1
  8. package/defaults/security-policy.json +2 -2
  9. package/dist/cli/index.js +0 -0
  10. package/dist/gate/baseline.js +82 -7
  11. package/dist/gate/catalog.js +10 -2
  12. package/dist/gate/checks/ai.js +757 -39
  13. package/dist/gate/checks/auth-deep.js +920 -216
  14. package/dist/gate/checks/business-logic.js +751 -0
  15. package/dist/gate/checks/ci-pipeline.js +399 -4
  16. package/dist/gate/checks/crypto.js +423 -2
  17. package/dist/gate/checks/dependencies.js +571 -15
  18. package/dist/gate/checks/graphql.js +201 -19
  19. package/dist/gate/checks/infra.js +246 -1
  20. package/dist/gate/checks/injection-deep.js +827 -184
  21. package/dist/gate/checks/k8s.js +114 -1
  22. package/dist/gate/checks/mobile-android.js +917 -3
  23. package/dist/gate/checks/mobile-ios.js +797 -5
  24. package/dist/gate/checks/required-artifacts.js +194 -0
  25. package/dist/gate/checks/runtime.js +178 -0
  26. package/dist/gate/checks/secrets.js +244 -13
  27. package/dist/gate/checks/supply-chain-deep.js +787 -0
  28. package/dist/gate/checks/web-nextjs.js +572 -48
  29. package/dist/gate/diff.js +17 -5
  30. package/dist/gate/evidence.js +8 -1
  31. package/dist/gate/exceptions.js +131 -9
  32. package/dist/gate/policy.js +280 -131
  33. package/dist/mcp/audit-chain.js +122 -28
  34. package/dist/mcp/auth.js +169 -0
  35. package/dist/mcp/learning.js +129 -4
  36. package/dist/mcp/model-router.js +158 -21
  37. package/dist/mcp/orchestration.js +186 -51
  38. package/dist/mcp/server.js +337 -53
  39. package/dist/repo/fs.js +24 -1
  40. package/dist/repo/search.js +31 -6
  41. package/dist/review/store.js +52 -1
  42. package/package.json +7 -7
  43. package/skills/_TEMPLATE/SKILL.md +99 -0
  44. package/skills/advanced-dos-tester/SKILL.md +109 -0
  45. package/skills/agentic-loop-exploiter/SKILL.md +368 -0
  46. package/skills/ai-llm-redteam/SKILL.md +104 -0
  47. package/skills/ai-model-supply-chain-agent/SKILL.md +103 -0
  48. package/skills/algorithm-implementation-reviewer/SKILL.md +98 -0
  49. package/skills/android-penetration-tester/SKILL.md +455 -46
  50. package/skills/anti-replay-tester/SKILL.md +106 -0
  51. package/skills/appsec-code-auditor/SKILL.md +85 -0
  52. package/skills/artifact-integrity-analyst/SKILL.md +441 -0
  53. package/skills/attack-navigator/SKILL.md +467 -8
  54. package/skills/auth-session-hacker/SKILL.md +102 -0
  55. package/skills/aws-penetration-tester/SKILL.md +456 -0
  56. package/skills/azure-penetration-tester/SKILL.md +490 -3
  57. package/skills/binary-auth-validator/SKILL.md +111 -0
  58. package/skills/bot-detection-specialist/SKILL.md +109 -0
  59. package/skills/business-logic-attacker/SKILL.md +231 -0
  60. package/skills/capec-code-mapper/SKILL.md +84 -0
  61. package/skills/cert-pin-rotation-specialist/SKILL.md +112 -0
  62. package/skills/cicd-pipeline-hijacker/SKILL.md +405 -0
  63. package/skills/ciso-orchestrator/SKILL.md +454 -43
  64. package/skills/cloud-infra-specialist/SKILL.md +118 -0
  65. package/skills/compliance-gap-analyst/SKILL.md +422 -0
  66. package/skills/compliance-grc/SKILL.md +85 -0
  67. package/skills/compliance-lifecycle-tracker/SKILL.md +84 -0
  68. package/skills/credential-stuffing-specialist/SKILL.md +102 -0
  69. package/skills/crypto-pki-specialist/SKILL.md +87 -0
  70. package/skills/csa-ccm-mapper/SKILL.md +84 -0
  71. package/skills/csf2-governance-mapper/SKILL.md +84 -0
  72. package/skills/deep-link-fuzzer/SKILL.md +109 -0
  73. package/skills/dependency-confusion-attacker/SKILL.md +415 -0
  74. package/skills/device-integrity-aggregator/SKILL.md +108 -0
  75. package/skills/dos-resilience-tester/SKILL.md +97 -0
  76. package/skills/dread-scorer/SKILL.md +84 -0
  77. package/skills/egress-policy-enforcer/SKILL.md +99 -0
  78. package/skills/evidence-collector/SKILL.md +98 -0
  79. package/skills/file-upload-attacker/SKILL.md +109 -0
  80. package/skills/gcp-penetration-tester/SKILL.md +459 -2
  81. package/skills/git-history-secret-scanner/SKILL.md +106 -0
  82. package/skills/iam-privesc-graph-builder/SKILL.md +152 -0
  83. package/skills/incident-responder/SKILL.md +111 -0
  84. package/skills/injection-specialist/SKILL.md +102 -0
  85. package/skills/ios-security-auditor/SKILL.md +282 -0
  86. package/skills/json-ambiguity-tester/SKILL.md +0 -0
  87. package/skills/k8s-container-escaper/SKILL.md +384 -0
  88. package/skills/key-management-lifecycle-analyst/SKILL.md +98 -0
  89. package/skills/kill-switch-engineer/SKILL.md +102 -0
  90. package/skills/linddun-privacy-analyst/SKILL.md +102 -0
  91. package/skills/logic-race-fuzzer/SKILL.md +443 -0
  92. package/skills/mobile-api-network-attacker/SKILL.md +421 -0
  93. package/skills/mobile-binary-hardener/SKILL.md +102 -0
  94. package/skills/mobile-security-specialist/SKILL.md +85 -0
  95. package/skills/mobile-webview-auditor/SKILL.md +96 -0
  96. package/skills/model-extraction-attacker/SKILL.md +219 -0
  97. package/skills/multipart-abuse-tester/SKILL.md +84 -0
  98. package/skills/oauth-pkce-specialist/SKILL.md +104 -0
  99. package/skills/parser-exhaustion-tester/SKILL.md +142 -0
  100. package/skills/pentest-infra/SKILL.md +98 -0
  101. package/skills/pentest-social/SKILL.md +201 -0
  102. package/skills/pentest-team/SKILL.md +87 -0
  103. package/skills/pentest-web-api/SKILL.md +98 -0
  104. package/skills/privacy-flow-analyst/SKILL.md +234 -0
  105. package/skills/prompt-injection-specialist/SKILL.md +394 -0
  106. package/skills/quantum-migration-planner/SKILL.md +96 -0
  107. package/skills/rag-poisoning-specialist/SKILL.md +358 -0
  108. package/skills/registry-mirror-enforcer/SKILL.md +84 -0
  109. package/skills/rotation-validation-agent/SKILL.md +112 -0
  110. package/skills/samm-assessor/SKILL.md +85 -0
  111. package/skills/secrets-mask-bypass-tester/SKILL.md +100 -0
  112. package/skills/senior-security-engineer/SKILL.md +167 -0
  113. package/skills/serialization-memory-attacker/SKILL.md +332 -0
  114. package/skills/session-timeout-tester/SKILL.md +161 -0
  115. package/skills/slsa-level3-enforcer/SKILL.md +112 -0
  116. package/skills/slsa-provenance-enforcer/SKILL.md +102 -0
  117. package/skills/ssrf-detection-validator/SKILL.md +108 -0
  118. package/skills/step-up-auth-enforcer/SKILL.md +84 -0
  119. package/skills/stride-pasta-analyst/SKILL.md +420 -0
  120. package/skills/supply-chain-devsecops/SKILL.md +98 -0
  121. package/skills/threat-infrastructure-analyst/SKILL.md +84 -0
  122. package/skills/threat-modeler/SKILL.md +85 -0
  123. package/skills/tls-certificate-auditor/SKILL.md +573 -18
  124. package/skills/token-reuse-detector/SKILL.md +95 -0
  125. package/skills/trike-risk-modeler/SKILL.md +84 -0
  126. package/skills/unicode-homograph-tester/SKILL.md +84 -0
  127. package/skills/waf-rule-lifecycle-agent/SKILL.md +97 -0
  128. package/skills/webhook-security-tester/SKILL.md +102 -0
  129. package/skills/zero-trust-architect/SKILL.md +109 -0
@@ -75,3 +75,285 @@ Only activated if iOS or cross-platform mobile is detected.
75
75
  - MASVS control ID violated
76
76
  - Swift/ObjC code fix written inline
77
77
  - CVSSv4, CWE
78
+ - `intelligenceForOtherAgents` block (see schema below)
79
+ - `coverageManifest` (see §ZERO-MISS-MANDATE)
80
+
81
+ Every findings JSON MUST include `intelligenceForOtherAgents`:
82
+ ```json
83
+ {
84
+ "intelligenceForOtherAgents": {
85
+ "forPentestTeam": [{ "type": "HIGH_VALUE_TARGET", "description": "...", "exploitHint": "..." }],
86
+ "forCryptoSpecialist": [{ "type": "CRYPTO_WEAKNESS_REFERENCE", "algorithm": "...", "location": "..." }],
87
+ "forCloudSpecialist": [{ "type": "SSRF_TO_CLOUD_CHAIN", "ssrfLocation": "...", "escalationPath": "..." }],
88
+ "forComplianceGrc": [{ "type": "COMPLIANCE_BLOCKER", "frameworks": ["..."], "releaseBlock": true }]
89
+ }
90
+ }
91
+ ```
92
+
93
+ ---
94
+
95
+ ## BEYOND SKILL.MD — MANDATORY EXPANSIONS
96
+
97
+ These expansions cover attack surfaces that OWASP MASVS alone does not fully address. Each
98
+ check is mandatory — do not skip without documented justification.
99
+
100
+ 1. **CVE-2023-23530 / CVE-2023-23531 — NSPredicate Injection via SpringBoard:**
101
+ Any app that constructs `NSPredicate` strings from user input is vulnerable to sandbox
102
+ escape on unpatched iOS 16.3 and below. Test: grep codebase for `NSPredicate(format:` with
103
+ non-literal format strings. Finding: any variable interpolated into the format string without
104
+ `SELF == %@` substitution. Fix: only use `NSPredicate(format:)` with `%@`, `%d`, `%K`
105
+ substitution — never string concatenation.
106
+
107
+ 2. **Frida / Objection Dynamic Instrumentation Bypass Detection:**
108
+ Attackers attach Frida to a running app via `frida-server` on jailbroken devices to hook
109
+ `LAContext.evaluatePolicy` and return `true` unconditionally. Test: check for
110
+ `MSHookFunction` / `fishhook` resistance and integrity checks around auth decision points.
111
+ Concrete detection: compute a runtime hash of `LAContext`'s method IMP; compare against a
112
+ compile-time constant. Finding: absence of any IMP integrity check near biometric evaluation.
113
+
114
+ 3. **iOS Backup Keychain Extraction (CVE class: MASVS-STORAGE-2):**
115
+ Items stored with `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly` are excluded from
116
+ iTunes/iCloud backup, but items with the non-`ThisDeviceOnly` variants ARE included in
117
+ unencrypted backups. Test: enumerate all `SecItemAdd`/`SecItemUpdate` calls; flag any
118
+ `kSecAttrAccessible` value without `ThisDeviceOnly` suffix for sensitive item classes
119
+ (`kSecClassGenericPassword`, `kSecClassInternetPassword`). Tool: `idevicebackup2` +
120
+ `KeychainDumper` on a backup image. Finding: auth tokens or PII in backup-eligible
121
+ Keychain slots.
122
+
123
+ 4. **Universal Link Hijacking via Misconfigured AASA (apple-app-site-association):**
124
+ If `apple-app-site-association` specifies an overly broad path (`"paths": ["*"]`) or is
125
+ served from an HTTP endpoint, an attacker-controlled domain can intercept OAuth redirects.
126
+ Test: fetch `https://<domain>/.well-known/apple-app-site-association`; validate JSON
127
+ structure, HTTPS enforcement, and path specificity. Script: `curl -s
128
+ https://TARGET/.well-known/apple-app-site-association | jq '.applinks.details[].paths'`.
129
+ Finding: wildcard `*` path or missing HTTPS redirect.
130
+
131
+ 5. **Swift Concurrency Race on Authentication State (`async`/`await` TOCTOU):**
132
+ Post-iOS 15 Swift async/await patterns introduce new TOCTOU windows: an `actor`-isolated
133
+ authentication state may be read by one task while a concurrent task is resetting it.
134
+ Test: search for `actor` definitions that guard auth state; verify that all mutations and
135
+ reads use the same actor isolation. Grep: `nonisolated` adjacent to auth-state-bearing
136
+ actors. Finding: `nonisolated` method on an auth actor that reads sensitive state without
137
+ re-entering the actor.
138
+
139
+ 6. **AI-Assisted Reverse Engineering of Obfuscated Swift Binaries (Post-2024 Threat):**
140
+ LLM-powered tools (e.g., IDA + GPT-4 plugins, BinaryNinja Sidekick) can reconstruct
141
+ business logic from stripped Swift binaries in under an hour — vastly reducing the time
142
+ to extract hardcoded secrets or forge authentication tokens. Test: run `strings` + `nm` on
143
+ the release `.ipa`; confirm no API keys, JWT secrets, or internal hostnames appear in
144
+ plain text. Additionally, verify that certificate pinning logic is not trivially identified
145
+ by pattern-matching on `SecCertificateCopyData` call sites alone. Finding: any secret
146
+ detectable by automated string extraction from the binary.
147
+
148
+ 7. **LLM Prompt-Injection via On-Device AI Features (Post-2024 Threat — Apple Intelligence):**
149
+ Apps integrating Apple Intelligence / Core ML LLM features that pass user-controlled text
150
+ directly to an on-device model without sanitisation are vulnerable to prompt injection
151
+ resulting in privilege escalation within the app's own data scope. Test: identify
152
+ `MLModel`, `NaturalLanguage`, or `CreateML` usage where user text is interpolated into a
153
+ system prompt. Finding: system prompt concatenation with unsanitised `UITextField` or
154
+ clipboard content that can redirect model output to exfiltrate in-app data.
155
+
156
+ 8. **WebView JavaScript Bridge Exposure (`WKScriptMessageHandler`):**
157
+ `WKScriptMessageHandler` creates a named bridge callable from JavaScript inside a
158
+ `WKWebView`. If the WebView loads remote or user-controlled content, any registered message
159
+ handler becomes an RCE or data-exfiltration surface. Test: grep for
160
+ `add(_:name:)` on `userContentController`; for each handler, verify the loaded URL origin
161
+ is pinned to an allowlist. Script: `grep -rn "add.*name:" --include="*.swift"`. Finding:
162
+ handler registered without origin validation, or WebView loads `http://` or a
163
+ user-supplied URL.
164
+
165
+ ---
166
+
167
+ ## §IOS_SECURITY_AUDITOR-CHECKLIST
168
+
169
+ 1. **Keychain accessibility class audit** — Search all `SecItemAdd` calls; verify
170
+ `kSecAttrAccessible` is `WhenUnlockedThisDeviceOnly` or `WhenPasscodeSetThisDeviceOnly`
171
+ for auth tokens and PII. Finding: any non-`ThisDeviceOnly` or `Always*` value for
172
+ sensitive data.
173
+
174
+ 2. **ATS exception audit** — Parse `Info.plist`; flag `NSAllowsArbitraryLoads`, any
175
+ `NSExceptionDomains` entry with `NSExceptionAllowsInsecureHTTPLoads: true`, or
176
+ `NSAllowsLocalNetworking: true` in production builds. Finding: any ATS exception not
177
+ accompanied by a documented compliance reason.
178
+
179
+ 3. **Certificate pinning implementation review** — Locate `URLSession` delegate
180
+ `urlSession(_:didReceive:completionHandler:)`; verify leaf or intermediate certificate
181
+ hash is pinned (not just hostname); verify backup pin exists. Finding: absent pinning,
182
+ hostname-only validation, or pinned only to a single certificate with no fallback.
183
+
184
+ 4. **Biometric auth enrollment-change invalidation** — After `LAContext.evaluatePolicy`
185
+ success, check that `evaluatedPolicyDomainState` is compared against a stored baseline.
186
+ Finding: no `evaluatedPolicyDomainState` persistence between app launches — biometric
187
+ re-enrollment is not detected.
188
+
189
+ 5. **Universal Link / AASA integrity check** — Fetch the AASA file over HTTPS; validate
190
+ the JSON schema against Apple's spec; confirm paths are not `*`; confirm the file is
191
+ served with `Content-Type: application/json`. Finding: any deviation from spec, wildcard
192
+ path, or HTTP delivery.
193
+
194
+ 6. **Pasteboard sensitive-data leak** — Grep for `UIPasteboard.general.string =` and
195
+ `UIPasteboard.general.setValue`; verify no auth tokens, card numbers, or PII are written.
196
+ Finding: any sensitive value written to the general pasteboard (accessible by all apps).
197
+
198
+ 7. **NSUserDefaults / UserDefaults PII audit** — Grep for `UserDefaults.standard.set` and
199
+ `UserDefaults.standard.setValue`; verify keys do not store credentials, tokens, or PII.
200
+ Finding: any token or PII key in `UserDefaults` (unencrypted, included in iCloud backup
201
+ by default).
202
+
203
+ 8. **WKWebView JavaScript bridge origin validation** — For each `WKScriptMessageHandler`
204
+ registration, verify the WebView's navigation delegate `decidePolicyFor` restricts origins
205
+ to a hardcoded allowlist. Finding: handler accessible from arbitrary or remote URLs.
206
+
207
+ 9. **Binary hardening flags** — Run `otool -hv <binary>` and `otool -l <binary> | grep
208
+ stack_chk`; verify PIE flag set, stack canaries present, ARC enabled. Finding: missing
209
+ PIE or stack canary in any framework or main binary.
210
+
211
+ 10. **Info.plist secrets scan** — Search `Info.plist` for keys containing `key`, `secret`,
212
+ `token`, `password`, `apiKey` (case-insensitive). Run `plutil -convert json -o - Info.plist
213
+ | jq 'keys[] | ascii_downcase | select(contains("key","secret","token","password"))'`.
214
+ Finding: any non-empty value for a matched key.
215
+
216
+ 11. **NSPredicate injection audit** — Grep for `NSPredicate(format:` with string interpolation
217
+ or concatenation (not solely `%@`/`%K`/`%d` substitution). Finding: user-controlled data
218
+ in predicate format string (arbitrary property access or sandbox escape on iOS < 16.3.2).
219
+
220
+ 12. **Secure Enclave key usage for authentication** — Verify that private keys used in
221
+ authentication flows are generated with `kSecAttrTokenIDSecureEnclave`. Finding: auth
222
+ private key stored in software Keychain rather than Secure Enclave — extractable via
223
+ Keychain dump on jailbroken device.
224
+
225
+ ---
226
+
227
+ ## §POC-REQUIREMENT
228
+
229
+ Every CRITICAL or HIGH finding MUST follow this exact sequence before being recorded:
230
+
231
+ 1. **Write working PoC FIRST** — exact payload, request sequence, or tool command that
232
+ reproduces the vulnerability. For iOS findings this means: the exact `security
233
+ dump-keychain` command, `frida` script, or `curl` invocation that demonstrates impact.
234
+ 2. **Confirm reproduction** — execute the PoC and capture output proving the finding is real.
235
+ 3. **Write fix** — provide inline Swift/ObjC code that remediates the root cause.
236
+ 4. **Verify PoC fails against fix** — re-run the identical PoC against the fixed code; confirm
237
+ it no longer succeeds.
238
+ 5. **Record in findings JSON** — include `exploitPoC` key with the exact reproduction steps
239
+ and the verification output showing the fix is effective.
240
+
241
+ **PoC skipping = severity automatically downgraded to MEDIUM.** If runtime access is
242
+ unavailable (e.g., CI-only environment), document the limitation in `exploitPoC` and flag
243
+ for manual validation before release.
244
+
245
+ ---
246
+
247
+ ## §PROJECT-ESCALATION
248
+
249
+ Immediately alert the CISO orchestrator and reprioritise the run if ANY of the following
250
+ conditions are detected:
251
+
252
+ 1. **Keychain data accessible without device unlock** — any item found with
253
+ `kSecAttrAccessibleAlways` or `kSecAttrAccessibleAlwaysThisDeviceOnly` containing
254
+ authentication credentials or cryptographic key material.
255
+
256
+ 2. **ATS fully disabled in production build** — `NSAllowsArbitraryLoads: true` confirmed
257
+ in a non-debug `Info.plist`; all network traffic is cleartext-eligible.
258
+
259
+ 3. **Hardcoded private key or JWT secret in binary or plist** — `strings` / `grep` confirms
260
+ a PEM block, base64 key, or JWT `HS256`/`RS256` secret appears verbatim in a shipped
261
+ artifact.
262
+
263
+ 4. **NSPredicate injection on iOS < 16.3.2 confirmed** — user-controlled input reaches
264
+ an `NSPredicate(format:)` call; SpringBoard sandbox escape is within attacker reach.
265
+
266
+ 5. **WKWebView bridge with no origin check loading remote URL** — any `WKScriptMessageHandler`
267
+ accessible from a remotely loaded page; classified as RCE-class vulnerability on the
268
+ app's data scope.
269
+
270
+ 6. **Apple Wallet / PassKit credential stored outside Secure Enclave** — payment or transit
271
+ pass private key material found in software Keychain rather than Secure Enclave.
272
+
273
+ 7. **LLM prompt injection confirmed in Apple Intelligence integration** — attacker-controlled
274
+ clipboard or text field content demonstrably redirects on-device model output to access
275
+ app-internal data or bypass app-level access controls.
276
+
277
+ 8. **Certificate pinning absent on a financial or health data endpoint** — MitM is trivially
278
+ possible on endpoints transmitting PCI-DSS or HIPAA-regulated data.
279
+
280
+ ---
281
+
282
+ ## §EDGE-CASE-MATRIX
283
+
284
+ The 5 attack cases in this domain that automated scanners and naive manual review universally miss. MANDATORY checks — do not skip.
285
+
286
+ | # | Edge Case | Why Scanners Miss It | Concrete Test |
287
+ |---|-----------|----------------------|---------------|
288
+ | 1 | Second-order / stored payload executed in different context | Scanner checks input context, not execution context | Store payload safely; trigger in separate request/session |
289
+ | 2 | Unicode normalisation bypass | Regex filters run before normalisation; attacker uses homoglyphs or composed forms | Submit Ⅰ (U+2160) or < (U+FF1C) variants of known-bad strings |
290
+ | 3 | Polyglot payload active in multiple sinks simultaneously | Scanners test one injection class per payload | `'"><script>{{7*7}}</script><!--` — SQL + XSS + SSTI in one request |
291
+ | 4 | Out-of-band exfiltration (DNS/HTTP callback) | Scanner looks for inline response difference; OOB leaves no visible trace | Use Burp Collaborator / interactsh; inject DNS lookup payload |
292
+ | 5 | Race condition between check and use (TOCTOU) | Sequential scanners don't model concurrency | Send two simultaneous requests to the same state-changing endpoint |
293
+
294
+ ---
295
+
296
+ ## §TEMPORAL-THREATS
297
+
298
+ Threats materialising in the 2025–2030 window that defences designed today must account for.
299
+
300
+ | Threat | Est. Timeline | Relevance to This Domain | Prepare Now By |
301
+ |--------|--------------|--------------------------|----------------|
302
+ | Cryptographically Relevant Quantum Computer (CRQC) | 2028–2032 | Harvest-now-decrypt-later attacks active today; RSA/ECDSA keys signed today will be broken | Inventory all RSA/ECDSA usage; migrate long-lived data to ML-KEM (FIPS 203) |
303
+ | AI-assisted adversaries at scale | 2025–2027 (active) | LLM-powered fuzzing finds 10× more edge cases; automated PoC generation | Assume attackers have LLM help; expand test surface to match |
304
+ | EU AI Act full enforcement | 2026 | High-risk AI systems require mandatory conformity assessments | Classify all AI features against AI Act tiers now |
305
+ | Post-quantum TLS migration deadline | 2028–2030 | Browser vendors will drop classical-only TLS connections | Begin TLS agility assessment; test hybrid key exchange |
306
+ | Mandatory SBOM + build provenance (US EO 14028 / EU CRA) | 2025–2026 (active) | SBOM and SLSA attestation are becoming legally required | Achieve SLSA L2 minimum; generate CycloneDX SBOM per release |
307
+
308
+ ---
309
+
310
+ ## §DETECTION-GAP
311
+
312
+ What current security monitoring CANNOT detect in this domain, and what to build to close each gap.
313
+
314
+ **Standard gaps that MUST be checked:**
315
+
316
+ - **Second-order attack execution**: The storage request looks safe; only the retrieval+execution step is dangerous. Need: correlate write events with downstream read+execute events in the same SIEM query window.
317
+ - **Timing-side-channel leakage**: No log event emitted; only observable as microsecond response-time variance. Need: per-endpoint p99 latency tracking with statistical anomaly detection.
318
+ - **Low-and-slow credential stuffing**: Individually, each request is under rate limits. Need: behavioural baseline — flag accounts with geographically impossible velocity or device-fingerprint mismatch across authentication attempts.
319
+ - **Insider exfiltration via legitimate process**: Authorised exports, reports, and data downloads that individually are permitted but collectively constitute data exfiltration. Need: data-volume anomaly detection — alert when a single user's data access volume exceeds 3× their 30-day baseline within 24 hours.
320
+ - **Cross-agent attack chains**: Phase 1 finding A + Phase 1 finding B = CRITICAL chain invisible to either agent alone. Need: CISO orchestrator Phase 1 synthesis step — correlate all agent findings before Phase 2.
321
+
322
+ ---
323
+
324
+ ## §ZERO-MISS-MANDATE
325
+
326
+ This agent CANNOT declare any attack class clean without explicit evidence of checking. For each item, output one of:
327
+ - `CHECKED: [N files] | [patterns used] | CLEAN`
328
+ - `CHECKED: [N files] | [patterns used] | [N findings, all fixed]`
329
+ - `SKIPPED: [reason — must be "not applicable: [evidence]"]`
330
+
331
+ **Silent skip = FAILED COVERAGE.** The orchestrator flags this as a quality gap.
332
+
333
+ The output findings JSON MUST include a `coverageManifest` key:
334
+ ```json
335
+ {
336
+ "coverageManifest": {
337
+ "attackClassesCovered": [{ "class": "SQL Injection", "filesReviewed": 47, "patterns": ["queryRaw", "string concat"], "result": "CLEAN" }],
338
+ "filesReviewed": 47,
339
+ "negativeAssertions": ["SQL Injection: queryRaw pattern searched across 47 files — 0 matches"],
340
+ "uncoveredReason": {}
341
+ }
342
+ }
343
+ ```
344
+
345
+ ---
346
+
347
+ ## LEARNING SIGNAL
348
+
349
+ On every finding resolved, emit:
350
+ ```json
351
+ {
352
+ "findingId": "FINDING_ID",
353
+ "agentName": "ios-security-auditor",
354
+ "resolved": true,
355
+ "remediationTemplate": "one-line description of what was done",
356
+ "falsePositive": false
357
+ }
358
+ ```
359
+ Call `security.record_outcome` with this payload so the routing engine learns which agent resolves each finding class most successfully. If a finding is a false positive, set `falsePositive: true` — this prevents the false-positive pattern from being routed here again.