Scope Expansion Punch-List (2026-05)
Audit-trail page for the wiki scope expansion of 2026-05-13. The wiki broadened from sec-of-ai only to six scope axes covering the bidirectional intersection of agentic AI and enterprise security (see conventions §Scope Axes). This page tracks the five known content holes surfaced during planning, plus the lazy-backfill decision for the 309 existing pages.
Known Holes (P1 — Ingest Candidates)
The following items were identified as the highest-priority gaps under the new scope axes. Each is a candidate for the first 30 days of ingest activity. Order is suggested priority.
1. Microsoft Security Copilot (dedicated product page) — STUB CREATED 2026-05-13
Axis: ai-in-sec-defense
Status: seed stub at Microsoft Security Copilot (c-000024). Page documents the five Microsoft-built role-specialized agents (Security Analyst, Alert Triage, Conditional Access Optimization, Data Security Posture, Data Security Triage) plus the 15-partner Security Store. Substantive content deferred to the next ingest — page is a routing address, not a full product write-up.
Remaining work: sourced ingest specifically about Security Copilot (RSAC 2026 deeper material, partner-agent catalog detail, independent benchmarks if available); promote from seed to developing.
2. Google Sec-PaLM / SecLM ecosystem
Axis: ai-in-sec-defense
Why it matters: Agentic SOC state of the field currently presents a Microsoft-plus-CrowdStrike axis; Google’s defender-side AI offerings are absent. This is the single largest entity-page hole on the defender axis.
Candidate sources: Google Cloud Security blog, Sec-PaLM 2 announcement (2023), Gemini for Security Operations (2024+), Mandiant AI integrations.
Target pages: wiki/entities/products/google-sec-palm.md (or per-product split), reference in Agentic SOC thesis.
3. XBOW — INGESTED 2026-05-13
Axis: ai-in-sec-offense, ai-vuln-discovery
Status: developing page at XBOW (c-000026). Source: XBOW’s Mythos Evaluation (May 2026) (c-000025). Companion entity Mythos (c-000027) created as part of same ingest — preview-stage Anthropic frontier model that XBOW evaluated. Cross-referenced from Offensive AI thesis and Frontier AI thesis (which was promoted from seed to developing by this ingest).
Remaining work: founders/leadership team; funding stage; customer case studies; AISI / Point Estimate independent benchmark sourcing; XBOW disclosure-pipeline practices.
4. Prophet AI
Axis: ai-in-sec-defense (and possibly ai-in-sec-offense)
Why it matters: Prophet AI sits at the SOC-automation/agentic-detection frontier; need to characterize whether it is purely defender-side or has offensive-adjacent capability.
Candidate sources: Prophet AI homepage, customer announcements, funding rounds, comparative coverage in Microsoft Secure Agentic AI partner discussions.
Target pages: wiki/entities/products/prophet-ai.md.
5. Autonomous-pentest tooling category
Axis: ai-in-sec-offense
Why it matters: Beyond XBOW, a comparative landscape page would anchor Offensive AI state of the field. Candidates include Dropzone (SOC framing but offensive-adjacent), Horizon3 NodeZero (classical autonomous pentest with AI augmentation), Tarian.
Candidate sources: Vendor materials, Gartner/Forrester coverage, Red Teaming Capability Framework tier 5 vendor evaluation criteria.
Target pages: Comparison page wiki/comparisons/autonomous-pentest-tooling-2026.md; per-vendor entity pages.
6. AI-Attacker SDLC threat model
Axis: sec-against-ai
Why it matters: SDLC in the AI-Attacker Era thesis flagged the lack of explicit SLSA/SSDF/CSAF revision for AI-augmented adversaries. A concept page documenting the threat model (separate from any specific framework’s response) would let the thesis cite a structured artifact instead of arguing in prose.
Candidate sources: Recent CISA/NCSC guidance on AI-augmented threats, academic threat modeling papers, vendor (Anthropic, OpenAI, Microsoft) responsible-disclosure posts about model-assisted attacks.
Target pages: wiki/concepts/ai-augmented-attacker-threat-model.md.
Lazy-Backfill Decision
The 309 existing pages did not carry scope_axis: frontmatter at the time of the expansion. The decision was lazy-on-touch: existing pages default to [sec-of-ai] (the original wiki scope) when no field is present; the field is added the next time a page is touched (edited, lint-swept, re-ingested). No bulk-rewrite pass was performed because it would re-touch updated: on 309 pages and pollute the log.
The five highest-signal pages were explicitly backfilled as part of the 2026-05-13 expansion:
- Microsoft Secure Agentic AI End-to-End →
[sec-of-ai, ai-in-sec-defense] - CrowdStrike →
[sec-of-ai, ai-in-sec-defense] - Agent Commander →
[sec-of-ai, ai-in-sec-offense] - General Analysis →
[redteam-for-ai, ai-in-sec-offense] - Claude+Stripe Coupons →
[sec-of-ai, ai-in-sec-offense]
Note: a dedicated wiki/entities/products/microsoft-security-copilot.md page does not yet exist; Security Copilot is currently referenced only inside the Microsoft Secure Agentic AI paper page. Creating a dedicated product page is one of the first ingest candidates for the ai-in-sec-defense axis (added below).
A lint-scope.py (or extension of [[conventions|lint-sources.py]]) is future work — see conventions §Scope Discipline rule 6.
Decision Log
- 2026-05-13 (evening) — XBOW + Mythos ingest. Source: XBOW blog post (May 12, 2026). Three new pages: paper (
c-000025), XBOW org (c-000026), Mythos product (c-000027). Closes punch-list item 3 (XBOW). Frontier AI thesis promoted fromseedtodeveloping— first sourced anchor on theai-vuln-discoveryaxis. Offensive AI thesis XBOW gap callout closed. - 2026-05-13 (afternoon) — Lint pass after scope expansion. Six DragonScale addresses allocated (
c-000018throughc-000023) and added to the five thesis seeds and this gap page. Wikilink typo (agentic-ai-security-reference-architecture-2026→...-architecture) fixed inoverview.mdand the agentic-soc thesis. Microsoft Security Copilot stub created (item 1 above,c-000024). Lint report at Lint Report 2026-05-13. - 2026-05-13 (morning) — Scope expansion approved. Added
wiki/offensive/folder. Adopted six-value closedscope_axis:vocabulary. Built five thesis seeds (no new RAs or CMMs). Chose lazy-backfill over bulk-rewrite. Plan archived at/home/admin_user/.claude/plans/i-want-to-expand-calm-aurora.md.