{
  "schema_version": "1.0.0",
  "generator": "build-opportunities.mjs",
  "description": "Where AI-assurance control strength is thin, read across the whole corpus. Ranked, evidence-backed assertions; every figure computed live from the matrices + coverage + threat/risk lenses (never hand-typed). A reading of the public data as an opportunity map \u2014 not a market claim. Regenerated by npm run rehash; --check-gated.",
  "meta": {
    "generated_from": "12 control matrices + proofmap + threatcov + riskcoverage",
    "method": "cross-lens synthesis of coverage gaps, threat/technique thinness, capability-source gaps, and citation-validation debt",
    "controls": 605,
    "domains": 12
  },
  "assertions": [
    {
      "id": "OPP-01",
      "category": "adversarial-technique-coverage",
      "confidence": "high",
      "title": "Adversarial-technique (MITRE ATLAS) mapping is concentrated in one domain",
      "evidence": {
        "atlas_tagged_controls": 41,
        "of_total": 605,
        "domains_with_zero": 11,
        "security_tagged": 41
      },
      "involves": {
        "domains": [
          "agentic",
          "authority",
          "compliance",
          "data",
          "ethics",
          "finance",
          "identity",
          "knowledge",
          "model",
          "privacy",
          "resilience"
        ]
      },
      "assertion": "Of 605 controls, 41 carry an explicit ATLAS technique tag \u2014 and all of them sit in Security. 11 domains (model, agentic, knowledge, data, \u2026) have no adversarial-technique mapping, though ATLAS documents model-poisoning, tool-abuse, RAG/knowledge poisoning, and exfiltration techniques that land squarely in those domains.",
      "opportunity": "Extend ATLAS technique mapping beyond Security into model/agentic/knowledge/data \u2014 the thinnest adversarial-control surface in the corpus and the one the agentic-threat literature (CSA MAESTRO, ATLAS agentic content) is expanding fastest."
    },
    {
      "id": "OPP-02",
      "category": "framework-obligation-gap",
      "confidence": "high",
      "title": "Management-system obligations are the least fully covered",
      "evidence": {
        "least_covered": "iso_42001",
        "partial_pct": 48,
        "partial": 21,
        "total": 44,
        "total_partial_across_frameworks": 66
      },
      "involves": {
        "frameworks": [
          "iso_42001",
          "dora",
          "nist_rmf",
          "eu_ai_act",
          "sr262"
        ]
      },
      "assertion": "ISO/IEC 42001:2023 is the least fully-covered framework: 21/44 obligations (48%) are only partially covered. Across all five anchored frameworks, 66 obligations sit at partial \u2014 concentrated in organizational / management-system obligations that general AI-specific controls do not fully reach.",
      "opportunity": "The partial band is where AI-specific controls meet general governance (AIMS scope, org context, continual-improvement loops). Controls that bridge management-system obligations to concrete AI evidence are the highest-leverage additions."
    },
    {
      "id": "OPP-03",
      "category": "thin-threat-coverage",
      "confidence": "medium",
      "title": "Several threat categories are addressed by only a couple of controls",
      "evidence": {
        "thin_threats": [
          "chain-of-custody-break (2)",
          "compliance-evidence-deficit (2)",
          "confused-deputy (2)",
          "consequence-blindness (2)",
          "cost-explosion (2)",
          "denial-of-service (2)",
          "distribution-shift (2)",
          "inability-to-demonstrate-compliance (2)"
        ]
      },
      "involves": {
        "domains": [
          "agentic",
          "data",
          "knowledge",
          "model",
          "privacy",
          "resilience"
        ]
      },
      "assertion": "Threats including chain-of-custody-break (2 controls), compliance-evidence-deficit (2 controls), confused-deputy (2 controls), consequence-blindness (2 controls) are addressed by only a few controls today \u2014 thin redundancy for failure modes that are becoming more prevalent.",
      "opportunity": "Deepen coverage of silent-model-degradation, distribution-shift, and confused-deputy \u2014 runtime/behavioral failure modes where one or two controls is thin defense-in-depth."
    },
    {
      "id": "OPP-04",
      "category": "high-capability-source-gap",
      "confidence": "medium",
      "title": "Some high-capability controls lack a direct normative source",
      "evidence": {
        "count": 4,
        "examples": [
          "authority/PA-02 [elevated] closest partial",
          "authority/PR-02 [elevated] closest partial",
          "authority/PR-05 [elevated] closest partial",
          "authority/PR-06 [elevated] closest partial"
        ]
      },
      "assertion": "4 controls aimed at frontier/elevated-capability systems have no directly-fitting normative source \u2014 their closest anchor is only a partial fit. Standards bodies have not yet caught up to frontier-capability governance.",
      "opportunity": "These are where the corpus leads the standards: candidates to contribute upstream (to NIST/ISO/CSA) rather than cite. A gap in the sources, not the controls."
    },
    {
      "id": "OPP-05",
      "category": "citation-validation-debt",
      "confidence": "high",
      "title": "A minority of citations are not yet validated against a captured primary text",
      "evidence": {
        "asserted_mappings": 648,
        "asserted_pct": 14,
        "frameworks_affected": 23,
        "top": [
          "mitre (188)",
          "cobit_2019 (70)",
          "soc2 (56)",
          "coso_erm (54)",
          "aicm (41)"
        ]
      },
      "involves": {
        "frameworks": [
          "mitre",
          "cobit_2019",
          "soc2",
          "coso_erm",
          "aicm",
          "coso_icfr",
          "sox",
          "oecd_ai_principles",
          "cobit_dss04",
          "bcbs_239"
        ]
      },
      "assertion": "648 of 4562 framework mappings (14%) cite a framework whose taxonomy is not yet ingested as an anchor \u2014 so the id is asserted, not machine-validated. 23 frameworks are affected, led by mitre, cobit_2019, soc2.",
      "opportunity": "Ingest anchors for the highest-cited asserted frameworks first; every anchor flips its citations from asserted to CI-validated. This strengthens the corpus's own evidentiary chain \u2014 the credibility spine of a public reference."
    }
  ],
  "signals": {
    "atlas_technique_coverage": {
      "tagged_controls": 41,
      "of_total": 605,
      "by_domain": {
        "security": 41,
        "model": 0,
        "identity": 0,
        "agentic": 0,
        "authority": 0,
        "privacy": 0,
        "compliance": 0,
        "resilience": 0,
        "finance": 0,
        "ethics": 0,
        "knowledge": 0,
        "data": 0
      },
      "domains_with_zero": [
        "agentic",
        "authority",
        "compliance",
        "data",
        "ethics",
        "finance",
        "identity",
        "knowledge",
        "model",
        "privacy",
        "resilience"
      ],
      "domains_with_zero_count": 11,
      "note": "ATLAS mapping is Phase 1 (security-first). Adversarial techniques against model/agentic/knowledge/data surfaces are not yet cross-mapped."
    },
    "framework_coverage_gaps": {
      "by_framework": [
        {
          "framework": "iso_42001",
          "label": "ISO/IEC 42001:2023",
          "total": 44,
          "partial": 21,
          "supported": 23,
          "partial_pct": 48
        },
        {
          "framework": "dora",
          "label": "DORA",
          "total": 35,
          "partial": 10,
          "supported": 25,
          "partial_pct": 29
        },
        {
          "framework": "nist_rmf",
          "label": "NIST AI RMF 1.0",
          "total": 77,
          "partial": 19,
          "supported": 58,
          "partial_pct": 25
        },
        {
          "framework": "eu_ai_act",
          "label": "EU AI Act",
          "total": 65,
          "partial": 14,
          "supported": 51,
          "partial_pct": 22
        },
        {
          "framework": "sr262",
          "label": "SR 26-2 (model risk)",
          "total": 22,
          "partial": 2,
          "supported": 20,
          "partial_pct": 9
        }
      ],
      "least_covered": {
        "framework": "iso_42001",
        "label": "ISO/IEC 42001:2023",
        "total": 44,
        "partial": 21,
        "supported": 23,
        "partial_pct": 48
      },
      "total_partial_obligations": 66,
      "of_total": 243
    },
    "thin_threat_coverage": [
      {
        "threat": "chain-of-custody-break",
        "control_count": 2,
        "domains": [
          "agentic",
          "knowledge"
        ]
      },
      {
        "threat": "compliance-evidence-deficit",
        "control_count": 2,
        "domains": [
          "agentic"
        ]
      },
      {
        "threat": "confused-deputy",
        "control_count": 2,
        "domains": [
          "agentic"
        ]
      },
      {
        "threat": "consequence-blindness",
        "control_count": 2,
        "domains": [
          "agentic"
        ]
      },
      {
        "threat": "cost-explosion",
        "control_count": 2,
        "domains": [
          "agentic"
        ]
      },
      {
        "threat": "denial-of-service",
        "control_count": 2,
        "domains": [
          "agentic",
          "resilience"
        ]
      },
      {
        "threat": "distribution-shift",
        "control_count": 2,
        "domains": [
          "data",
          "model"
        ]
      },
      {
        "threat": "inability-to-demonstrate-compliance",
        "control_count": 2,
        "domains": [
          "privacy"
        ]
      }
    ],
    "capability_soft_spots": {
      "count": 4,
      "examples": [
        {
          "control": "authority/PA-02",
          "name": "Approval Limit Enforcement",
          "capability_level": "elevated",
          "best_fit_depth": 0.6,
          "closest_fit": "partial"
        },
        {
          "control": "authority/PR-02",
          "name": "AI-Initiated Commitment Controls",
          "capability_level": "elevated",
          "best_fit_depth": 0.6,
          "closest_fit": "partial"
        },
        {
          "control": "authority/PR-05",
          "name": "SLA Commitment Governance",
          "capability_level": "elevated",
          "best_fit_depth": 0.6,
          "closest_fit": "partial"
        },
        {
          "control": "authority/PR-06",
          "name": "AI in Contract Negotiation Controls",
          "capability_level": "elevated",
          "best_fit_depth": 0.6,
          "closest_fit": "partial"
        }
      ]
    },
    "citation_validation_debt": {
      "asserted_mappings": 648,
      "anchored_mappings": 3914,
      "total_mappings": 4562,
      "asserted_pct": 14,
      "frameworks_affected": 23,
      "top_frameworks": [
        {
          "framework": "mitre",
          "count": 188
        },
        {
          "framework": "cobit_2019",
          "count": 70
        },
        {
          "framework": "soc2",
          "count": 56
        },
        {
          "framework": "coso_erm",
          "count": 54
        },
        {
          "framework": "aicm",
          "count": 41
        },
        {
          "framework": "coso_icfr",
          "count": 35
        },
        {
          "framework": "sox",
          "count": 34
        },
        {
          "framework": "oecd_ai_principles",
          "count": 30
        },
        {
          "framework": "cobit_dss04",
          "count": 25
        },
        {
          "framework": "bcbs_239",
          "count": 19
        }
      ]
    },
    "enforcement_posture": {
      "most_advisory": [
        {
          "domain": "compliance",
          "advisory": 14,
          "controls": 48,
          "pct": 29
        },
        {
          "domain": "knowledge",
          "advisory": 13,
          "controls": 49,
          "pct": 27
        },
        {
          "domain": "identity",
          "advisory": 12,
          "controls": 52,
          "pct": 23
        },
        {
          "domain": "authority",
          "advisory": 11,
          "controls": 53,
          "pct": 21
        },
        {
          "domain": "agentic",
          "advisory": 10,
          "controls": 50,
          "pct": 20
        }
      ]
    }
  }
}
