Snyk Agent Scan, NIST AI Control Overlays, and the CSA AI Controls Matrix
As AI agents move from experimental to production deployments, three critical developments are reshaping how organizations secure and govern them: Snyk’s open-source agent-scan tool addresses the immediate need for agent security scanning, while NIST and CSA provide the governance frameworks that organizations need for compliance and risk management.
Snyk Agent Scan
Snyk agent-scan is an open-source security scanner specifically designed for AI agents, MCP servers, and agent skills. It addresses a critical gap — most security scanning tools were built for traditional software, not for AI agent configurations.
What It Scans
agent-scan targets three key areas:
1. Agent Configurations
- Auto-discovers local agent configurations (Claude, Cursor, Windsurf, Gemini CLI)
- Analyzes system prompts, tool permissions, and access controls
- Identifies overly permissive configurations
2. MCP Servers
- Connects to MCP servers to fetch tool descriptions
- Scans tool definitions for hidden instructions (tool poisoning)
- Validates MCP server configurations against security best practices
3. Agent Skills
- Scans skill files for malicious payloads and prompt injections
- Checks for insecure configurations and leaked secrets
- Validates against known malicious patterns
The Skill Inspector
Snyk also provides a Skill Inspector — a free, self-service web tool that instantly scans agent skills for security issues:
- Detects malicious skills before installation
- Identifies insecure configurations
- Finds leaked secrets embedded in skill definitions
- Provides actionable remediation guidance
The CLI-Anything Threat
Snyk’s research revealed a significant supply chain risk: CLI-Anything — a technique where a single command turns any open-source repository into an AI agent backdoor by generating SKILL.md files that AI agents trust and execute automatically. Their analysis found that 13.4% of agent skills contain critical security issues, and no traditional SAST or SCA scanner detects malicious instructions in these files.
# Install and run agent-scannpm install -g @snyk/agent-scanagent-scan scan --path ./my-agent-project
# Scan a specific skillagent-scan skill-inspector --skill ./skills/my-skill.md
# Scan MCP server configurationsagent-scan mcp --config ./mcp-config.jsonSnyk + Vercel Partnership
Snyk has partnered with Vercel to secure the skills.sh ecosystem, integrating real-time security scanning to detect malicious payloads and prompt injections before they reach developers’ machines.
NIST SP 800-53 Control Overlays for AI Systems
NIST Control Overlays for Securing AI Systems represents a significant evolution in AI governance — adapting the widely-used SP 800-53 security controls specifically for AI.
What Are Control Overlays?
Control overlays are tailored sets of security controls that adapt, supplement, and refine the baseline SP 800-53 controls for specific technologies. The AI overlays:
- Map AI-specific risks to existing security controls
- Add new controls unique to AI systems
- Provide implementation guidance specific to AI deployments
- Support federal compliance requirements for AI systems
Key Areas Covered
| Domain | Overlay Focus |
|---|---|
| Data Governance | Training data integrity, provenance, and quality controls |
| Model Security | Model integrity, access control, and monitoring |
| Inference Security | Input validation, output filtering, rate limiting |
| Agent Security | Tool permissions, scope limitation, audit logging |
| Supply Chain | Model provenance, dependency verification, artifact scanning |
| Privacy | Data minimization, differential privacy, consent management |
| Bias & Fairness | Testing for discriminatory outputs, fairness metrics |
Timeline
- August 2025: Concept paper and proposed action plan released
- January 2026: Annotated outline (discussion draft) published
- Ongoing: Community engagement through workshops and public comment
NIST AI Agent Standards Initiative
In February 2026, NIST’s Center for AI Standards and Innovation (CAISI) formally launched the AI Agent Standards Initiative — the first US government program dedicated exclusively to establishing security and safety standards for AI agents. This initiative will produce:
- Agent identity and authentication standards
- Agent behavior monitoring requirements
- Agent-to-agent communication security standards
- Agent deployment and operational controls
CSA AI Controls Matrix
The Cloud Security Alliance AI Controls Matrix (AICM) is a vendor-neutral framework with 243 controls across 18 domains for assessing and managing AI-specific security and trust risks.
Structure
The AICM is aligned with major frameworks:
- ISO/IEC 42001: AI Management System requirements
- NIST AI RMF: Risk management framework
- CSA Cloud Controls Matrix (CCM): Existing cloud security controls
- EU AI Act: European AI regulation requirements
The 18 Domains
The matrix covers controls across these domains:
- AI Governance and Risk Management
- Data Quality and Integrity
- Model Development and Training
- Model Validation and Testing
- Deployment and Operations
- Monitoring and Observability
- Incident Response
- Access Control and Identity
- Privacy and Data Protection
- Bias and Fairness
- Transparency and Explainability
- Supply Chain Security
- Agent Security
- Infrastructure Security
- Compliance and Audit
- Business Continuity
- Change Management
- Third-Party Management
Using the AICM
Step 1: Assess current AI deployments against AICM controlsStep 2: Identify gaps between current state and AICM requirementsStep 3: Prioritize remediation based on risk and business impactStep 4: Implement missing controlsStep 5: Validate implementation through testingStep 6: Maintain continuous compliance through monitoringBuilding a Comprehensive AI Governance Stack
Layer 1: Standards and Frameworks
NIST AI RMF → Risk management methodologyNIST SP 800-53 AI Overlays → Security control requirementsCSA AICM → Detailed control specificationsISO/IEC 42001 → Certifiable management systemLayer 2: Technical Controls
Snyk agent-scan → Agent and skill scanningmodelscan → Model artifact scanningMCP-Scan → MCP server scanningllm-guard → Runtime guardrailsLayer 3: Continuous Monitoring
Snyk Agent Security (Evo AI-SPM) → Full lifecycle governanceCSA MCP Security Resource Center → MCP-specific guidanceNIST CAISI standards → Agent security standardsKey Takeaways
- Snyk’s agent-scan fills a critical gap by scanning AI agent configurations, MCP servers, and skills — areas traditional security tools do not cover
- The CLI-Anything threat reveals that 13.4% of agent skills contain critical security issues, highlighting the supply chain risk
- NIST’s AI Control Overlays bring the rigor of SP 800-53 to AI systems, providing a path for federal AI compliance
- The CSA AI Controls Matrix with 243 controls across 18 domains provides the most detailed control framework available for AI security
- Organizations should align their AI security programs with both NIST overlays and CSA AICM for comprehensive governance coverage