The functions on this page are a forward-looking reassignment of the same domains the site already stands on. Today, the diagnostic runs on the operating functions a board sees now; this page is the destination organization they are gating toward. One partition, two moments in time.
F1 · Governance, Risk & Compliance Management
The human head
AI Generalist, GRC
GRC · A&A
The agent fleet
Compliance Mapping Agent
Audit Documentation Agent
Regulatory Monitor
target· L2 AssistedHuman in the loop
Risk acceptance carries legal liability.
Never delegated
Risk acceptance, audit sign-off, regulator representation.
F2 · Identity, Access & Cryptographic Management
The human head
AI Generalist, Identity
IAM · CEK
The agent fleet
Access Intent Validator
Key Rotation Agent
Permission Graph Analyzer
target· L4 AutonomousHuman over the loop
Machine identities move at machine speed; approval queues are a vulnerability.
Never delegated
Identity policy, break-glass access, root-of-trust ceremonies.
Gate note: Intent validation gates separately at Augmented until misintercept rates prove stable.
F3 · Data Security & Privacy Lifecycle
The human head
AI Generalist, Data
DSP · HRS
The agent fleet
Data Classification Agent
PII Redaction Agent
Insider Threat Monitor
target· L4 AutonomousHuman over the loop
Redaction must be inline; post-hoc review is post-breach review.
Never delegated
Privacy policy, DPDP and GDPR obligations, insider escalation.
Gate note: The false-positive rate is a first-class gate metric; over-blocking demotes like leaking.
F4 · Threat, Vulnerability & Incident Management
The human head
AI Generalist, ThreatOps
TVM · LOG · SEF
The agent fleet
Red-Team Agent
Forensic Reconstruction Agent
Anomaly Detection Engine
target· L3 AugmentedHuman on the loop
Containment at machine speed; high-impact remediation notifies a human.
Never delegated
Incident declaration, disclosure, the kill switch.
Gate note: SEF-04 is the live seed lever in our diagnostic; this card is where the model meets the Northwind demo.
F5 · Application & Interoperability Security
The human head
AI Generalist, AppSec
AIS · IPY
The agent fleet
Code Scanning Agent
API Gateway Inspector
Protocol Validation Agent
target· L3 AugmentedHuman on the loop
Continuous scanning of AI-generated code; legacy integration needs human context.
Never delegated
Architecture exceptions, residual legacy risk.
Gate note: Agent-to-agent (MCP) validation gates on zero unverified task propagation across the window.
F6 · Infrastructure, Endpoint & Configuration Management
The human head
AI Generalist, Infrastructure
I&S · CCC · DCS · UEM
The agent fleet
Policy Optimization Agent
Drift Detection Agent
IaC Validator
target· L4 AutonomousHuman over the loop
Ticket-speed response to machine-speed drift is a standing exposure.
Never delegated
Change-freeze authority, physical security.
Gate note: Detection may run Autonomous while reversion holds at Augmented until rollback safety is proven.
F7 · AI Supply Chain & Third-Party Transparency
The human head
AI Generalist, Supply Chain
STA
The agent fleet
Vendor Assessment Agent
Provenance Tracker
Shadow AI Discovery Engine
target· L2 AssistedHuman in the loop
Vendor trust is a business judgment with contractual weight.
Never delegated
Trust tiers, contract risk, supply-chain attribution.
Gate note: Discovery runs hotter than decisioning; inventory completeness is the gate metric.
F8 · Model Security & Operational Resilience
The human head
AI Generalist, Model Security
MDS · BCR
The agent fleet
Adversarial Defense Agent
Weight Integrity Scanner
Failover Coordinator
target· L4 AutonomousHuman over the loop
Adversarial defense is real-time math no human executes manually.
Never delegated
Model release authority, resilience posture, model retirement.
Gate note: MDS is new in AICM v1.1; the youngest domain starts with the shortest track record, so its evidence window runs longest.
A consolidation of the 18 domains and 247 control objectives of the CSA AI Controls Matrix v1.1.