NIST AI Risk Management Framework
How Crawdad maps to the four functions of the NIST AI RMF 1.0.
GOVERN: Policies, accountability, and oversight
- Policy engine — configurable rules for which actions agents can take, with trust levels (Untrusted, Basic, Verified, Privileged)
- Cryptographic audit trail — SHA-256 Merkle-chained log of every security decision. Ed25519 signed. Tamper-evident.
- Compliance report generation — signed attestation of what data leaves the network (run curl localhost:7749/v1/verify)
- Role-based access — API keys scoped per project, admin keys separated from runtime keys
MAP: Understanding context and identifying risks
- Threat intelligence feed — 28+ AI agent threats tracked from 10 security sources, updated every 4 hours
- MITRE ATLAS coverage mapping — 13 ATLAS techniques mapped to Crawdad controls (view coverage)
- OWASP LLM Top 10 coverage — all 10 categories assessed with honest status (view coverage)
- STRIDE threat model — systematic analysis of spoofing, tampering, repudiation, disclosure, DoS, and privilege escalation (view model)
- SBOM — CycloneDX bill of materials for every dependency (view SBOM)
MEASURE: Quantifying risk and testing controls
- 1,201 automated tests across 17 Rust crates — 0 failures, 0 unsafe blocks
- Open 497-attack / 1,172-negative benchmark: 99.8% detection, 0% false-positive rate, F1 99.90% (published at github.com/AndrewSispoidis/contemporary-agent-attacks, reproducible by any third party)
- Continuous red team mutation engine: ~75% block rate (adversarial harder set). Target 90%+ before scale, 95%+ at maturity.
- False positive benchmarks: 0 on 57-item hand-curated negative corpus; 0 on 1,075 wild StackOverflow developer messages
- Detection latency: sub-millisecond on pattern-only layers; the ML layer adds platform-dependent inference time (auto-downloaded on macOS ARM64, Linux x86_64, and Linux ARM64; pattern-only on macOS Intel and Windows)
- 12/12 production smoke tests passing — run after every deployment
- CI/CD pipeline — unit tests, build verification, latency benchmarks on every push
MANAGE: Active risk treatment
- Real-time threat blocking — 7-layer detection pipeline blocks prompt injection, jailbreaks, and exfiltration in-proxy. 99.8% detection and 0% false-positive rate on the open 497-attack / 1,172-negative benchmark; ~75% on continuous red team mutation engine.
- PII redaction — 15 PII categories + 10 credential types detected and redacted from outbound responses
- Incident audit log — every blocked request, every scan decision, Merkle-chained with Ed25519 signatures
- Signed compliance reports — cryptographic proof of what data stayed local and what was transmitted
- Threat intelligence updates — new detection signatures every 4 hours from live security feeds
- Transparent proxy — zero code changes to protect existing agents. Set one environment variable.
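The cryptographic audit trail under GOVERN and the incident audit log under MANAGE both rest on the same construction: each record carries the SHA-256 hash of its predecessor, and each record hash is signed with Ed25519, so editing, reordering or dropping an entry is detectable by anyone holding the public key. The following Go program is an added illustration of that tamper-evidence check and is not Crawdad's own code; the record layout (sequence number, decision string, previous hash) and the verification order are assumptions for the example, not the product's on-disk format. It uses only the Go standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Entry is one audit record. PrevHash links it to its predecessor (hash chain),
// Hash covers the record contents, and Signature is Ed25519 over Hash.
// This layout is assumed for the example, not Crawdad's real format.
type Entry struct {
	Seq       uint64
	Decision  string
	PrevHash  [32]byte
	Hash      [32]byte
	Signature []byte
}

// entryHash binds sequence number, decision text and the previous hash together,
// so that changing any of them (or the order of records) changes the hash.
func entryHash(seq uint64, decision string, prev [32]byte) [32]byte {
	h := sha256.New()
	h.Write(prev[:])
	h.Write([]byte(fmt.Sprintf("%d|%s", seq, decision)))
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Log holds the signing key (kept private by the proxy) and the chained entries.
type Log struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	Entries []Entry
}

// NewLog generates a fresh Ed25519 key pair for the log.
func NewLog() (*Log, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Log{priv: priv, Pub: pub}, nil
}

// Append chains a new security decision onto the log and signs it.
func (l *Log) Append(decision string) {
	var prev [32]byte
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	seq := uint64(len(l.Entries))
	h := entryHash(seq, decision, prev)
	l.Entries = append(l.Entries, Entry{
		Seq: seq, Decision: decision, PrevHash: prev, Hash: h,
		Signature: ed25519.Sign(l.priv, h[:]),
	})
}

// Verify is what an auditor runs with only the public key: it recomputes every
// hash, checks each link to its predecessor and checks each signature.
// It returns the index of the first bad entry and why, or -1 if the log is intact.
func Verify(pub ed25519.PublicKey, entries []Entry) (int, error) {
	var prev [32]byte
	for i, e := range entries {
		if e.PrevHash != prev {
			return i, errors.New("chain link mismatch")
		}
		if entryHash(e.Seq, e.Decision, e.PrevHash) != e.Hash {
			return i, errors.New("hash mismatch")
		}
		if !ed25519.Verify(pub, e.Hash[:], e.Signature) {
			return i, errors.New("bad signature")
		}
		prev = e.Hash
	}
	return -1, nil
}

func main() {
	l, err := NewLog()
	if err != nil {
		panic(err)
	}
	// Constructed sample decisions, not real proxy output.
	l.Append("ALLOW tool=read_file path=/tmp/notes.txt")
	l.Append("BLOCK reason=prompt_injection layer=pattern")
	l.Append("REDACT category=email count=2")
	fmt.Println(Verify(l.Pub, l.Entries)) // -1 <nil>: intact

	// An after-the-fact edit of a stored record, even with its hash recomputed,
	// fails at the signature check because the editor lacks the private key.
	tampered := append([]Entry(nil), l.Entries...)
	tampered[1].Decision = "ALLOW reason=prompt_injection layer=pattern"
	tampered[1].Hash = entryHash(tampered[1].Seq, tampered[1].Decision, tampered[1].PrevHash)
	fmt.Println(Verify(l.Pub, tampered)) // 1 bad signature
}
```

The three checks are ordered deliberately: a link mismatch catches deleted or reordered records, a hash mismatch catches an edited payload, and the signature catches an editor who recomputed the hashes to cover their tracks. Verification needs only the public key, which is what lets a third party confirm a compliance report without trusting the host that produced it.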