Red Teaming Capability Framework

A modern red teaming services capability for first-party agentic AI in 2026 should be founded on the following layered approach:

Tier 1: Foundational Standards (Governance & Risk)

  • NIST AI RMF 1.0 + NIST AI 600-1 + NIST SP 800-218A
  • ISO/IEC 42001 + ISO/IEC 23894
  • EU AI Act (enforcement Aug 2026) + DORA (if financial sector)
  • NIST/CAISI RFI on AI Agent Security (Jan 2026)

Tier 2: Threat Taxonomies & Attack Libraries (What to Test)

  • OWASP LLM Top 10 2025 — model layer
  • OWASP Agentic AI Top 10 2026 (ASI01–ASI10) — agent reasoning/orchestration layer
  • OWASP Agentic Skills Top 10 2026 (AST01–AST10) — skill/behavior execution layer (missing from customer’s list)
  • OWASP MCP Top 10 — protocol/infrastructure layer (missing from customer’s list)
  • MITRE ATLAS — adversarial ML techniques
  • CSA MAESTRO — 7-layer threat model for cross-layer analysis

Tier 3: Red Teaming Methodology & Scoring (How to Test)

  • OWASP Gen AI Red Teaming Guide
  • CSA Agentic AI Red Teaming Guide (supplement with 2026 threat intelligence)
  • OWASP AIVSS — vulnerability scoring (missing from customer’s list)
  • Google SAIF / CoSAI Principles — secure-by-design anchor

Tier 4: Continuous Operations (When and How Often to Test)

  • Continuous autonomous red teaming platform integrated into CI/CD and MLOps pipelines
  • Behavioral baseline monitoring with runtime anomaly detection
  • Scan-on-change triggers for model updates, tool additions, prompt modifications
  • Active threat intelligence feeds consuming sources like Snyk ToxicSkills, CVE databases, and campaign-level intelligence (ClawHavoc, etc.)
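As an added illustration of two of the Tier 4 capabilities above (scan-on-change triggers and behavioral baseline monitoring), the following Python is example code written for this note, not code from the framework or any of the cited standards. The manifest layout (model, tools, prompts), the runtime event shape and the log data are all constructed assumptions; a real deployment would feed these checks from its own configuration store and telemetry.

```python
"""Added example: scan-on-change trigger and behavioral baseline check for an agentic AI
deployment. Manifest layout, event shape and sample data are constructed assumptions."""
import hashlib
import json
from collections import Counter


def canonical_hash(obj) -> str:
    """Hash a component as canonical JSON so key order alone never looks like a change."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def manifest_fingerprint(manifest: dict) -> dict:
    """Per-component hashes for the three things Tier 4 says should re-trigger a scan:
    model updates, tool additions and prompt modifications (assumed manifest layout)."""
    return {
        "model": canonical_hash(manifest["model"]),
        "tools": canonical_hash(sorted(manifest["tools"], key=lambda t: t["name"])),
        "prompts": canonical_hash(manifest["prompts"]),
    }


def changed_components(baseline_fp: dict, current_fp: dict) -> list:
    """Names of components whose hash differs from the recorded baseline fingerprint."""
    return sorted(k for k in current_fp if baseline_fp.get(k) != current_fp[k])


def scan_required(baseline_fp: dict, current_fp: dict) -> bool:
    """A red-team scan is due whenever any tracked component changed."""
    return bool(changed_components(baseline_fp, current_fp))


def tool_call_profile(events: list) -> Counter:
    """Count tool calls per tool name from runtime events (assumed event shape)."""
    return Counter(e["tool"] for e in events if e.get("type") == "tool_call")


def behavioral_anomalies(baseline: Counter, observed: Counter, ratio: float = 3.0) -> list:
    """Flag tools never seen in the baseline and tools called more than ratio x baseline."""
    findings = []
    for tool, count in observed.items():
        base = baseline.get(tool, 0)
        if base == 0:
            findings.append(f"new tool outside baseline: {tool} ({count} calls)")
        elif count > ratio * base:
            findings.append(f"call volume spike: {tool} {count} vs baseline {base}")
    return findings


# Constructed sample data (not from any real system).
BASELINE_MANIFEST = {
    "model": {"id": "example-model", "version": "2026.01"},
    "tools": [{"name": "search_docs", "scope": "read"},
              {"name": "send_email", "scope": "write"}],
    "prompts": {"system": "You are a support assistant."},
}
CURRENT_MANIFEST = {
    "model": {"id": "example-model", "version": "2026.01"},
    # Same tools as before, listed in a different order, plus one newly added tool.
    "tools": [{"name": "send_email", "scope": "write"},
              {"name": "search_docs", "scope": "read"},
              {"name": "file_write", "scope": "write"}],
    "prompts": {"system": "You are a support assistant."},
}
BASELINE_EVENTS = ([{"type": "tool_call", "tool": "search_docs"}] * 10
                   + [{"type": "tool_call", "tool": "send_email"}] * 2)
OBSERVED_EVENTS = ([{"type": "tool_call", "tool": "search_docs"}] * 8
                   + [{"type": "tool_call", "tool": "send_email"}] * 7
                   + [{"type": "tool_call", "tool": "file_write"}] * 1
                   + [{"type": "message", "text": "hello"}])


def run_checks() -> dict:
    """Evaluate both triggers against the constructed data and return the findings."""
    base_fp = manifest_fingerprint(BASELINE_MANIFEST)
    cur_fp = manifest_fingerprint(CURRENT_MANIFEST)
    return {
        "changed": changed_components(base_fp, cur_fp),
        "scan_required": scan_required(base_fp, cur_fp),
        "anomalies": behavioral_anomalies(tool_call_profile(BASELINE_EVENTS),
                                          tool_call_profile(OBSERVED_EVENTS)),
    }


if __name__ == "__main__":
    print(json.dumps(run_checks(), indent=2))
```

With the constructed data, only the tools component changes (the reordered tool list hashes identically, the added `file_write` tool does not), so a scan is required; the behavioral check flags the unseen tool and the `send_email` call rate exceeding three times its baseline. In a CI/CD or MLOps pipeline, `scan_required` would gate the deployment step and `behavioral_anomalies` would run over a rolling window of runtime telemetry.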

Tier 5: Vendor Evaluation & Compliance Reporting

  • OWASP Vendor Eval Criteria v1.0
  • Compliance mapping to EU AI Act, DORA, HIPAA, NIST AI RMF
  • AIBOM/SBOM requirements per OWASP CycloneDX